Social Security Numbers Widely Available

According to the Government Accountability Office (GAO), many bulk and online public records contain Social Security Numbers (SSNs), exposing many people to an increased risk of identity theft. Responding to a request from Senator Charles Schumer, the GAO prepared a report addressing the following concerns:

  • (1) to what extent, for what reasons, and to whom are public records that may contain SSNs available for bulk purchase and online, and
  • (2) what measures have been taken to protect SSNs that may be contained
    in these records

The GAO sampled state and local government and business records practices and determined the following estimates:
Continue reading “Social Security Numbers Widely Available”

Google Settles Key Copyright Case

This morning Google announced the settlement of a lawsuit brought against them by the Authors Guild and the Association of American Publishers over their Book Search technology. Google launched this product several years ago, which indexes books that Google scans from partnering university libraries. Book Search allowed full access to out-of-copyright material and snippets of works that were still copyrighted. It quickly became a controversial topic in the copyright wars as publishers claimed that the snippets were still a violation of copyright. Google claimed it was a Fair Use of the works because the full text was still protected and that it greatly enhanced the public’s access to these materials. Here is a summary of the agreement from their press release:
Continue reading “Google Settles Key Copyright Case”

Federal Trade Commission Chairman Speaks on Internet Privacy

William Kovacic, Chairman of the Federal Trade Commission, appeared on C-SPAN’s The Communicators recently to discuss the Internet and privacy policy. The audio podcast is available online as well as a video clip – which appears to be Mac-unfriendly.

It’s a wide-ranging discussion on many internet issues with one of the two agency heads (the other being the Federal Communications Commission) most responsible for monitoring and regulating Internet activity. Chairman Kovacic does a good job discussing the basics of internet tracking and aggregation – how sites can collect information on your web-surfing activity in order to target advertising. That’s in the first part of the broadcast. Discussion shifts to spam and other concerns such as internet infrastructure, social engineering, identity theft and mobile marketing. Those who are already well versed in these issues will probably want to focus on the first 10 minutes or so of the broadcast.

Washington Post Cites Growing Voter Database Issues

Saturday’s Washington Post detailed growing concerns and political battles over the implementation of new voter registration procedures as states use newly constituted statewide voter registration databases. One of the most difficult issues to resolve is the “no match” problem when state voter registration databases are compared against federal databases (such as the Social Security Number database) or other state databases. Matching problems occur when there are typos in entries, outdated data is used or there are just plain errors in the information. Depending on how tightly the state interprets no match problems, eligible voters might be dropped from voting rolls. While dropped voters are supposed to be notified, voters may not have enough of a window to file a protest if the automatic merging and purging occurs too close to an election.

This issue was raised in USACM’s 2006 report on statewide voter registration databases. The report made about 100 recommendations and spoke specifically to the no match issue:

“8. Election officials should develop special procedures and protections to handle large-scale merges with and purges of the VRD.

One of HAVA’s main requirements is that VRDs be coordinated with other state databases (such as motor vehicle records). Ensuring that voter records reflect up-to-date information from other databases can improve the accuracy of VRD, but coordination can introduce errors from the same databases, thereby undermining accuracy. Because large scale merges and purges can render voters ineligible, the action should only be performed by a senior election official with procedures that force some sort of manual review of the changes. Further, if large-scale purges occur, they should be done well in advance of any election, and anyone purged from the database should receive notification so that any errors can be corrected.”

According to the Washington Post article, 31 states are actively using their statewide databases for the first time in this election. This, combined with the anticipated heavy voter turnout, means the November election will be critical test of these systems.

EDUCAUSE Analyzes University IT Workforce – Potential Shortage Ahead

While ACM has focused on Information Technology workforce issues, we have rarely had the opportunity to look at specific sectors in detail. EDUCAUSE is focused on Information Technology in higher education, and I want to note a recently released study their research center conducted on the IT workforce in higher education.

Leading the IT Workforce in Higher Education follows a 2004 EDUCAUSE report and combines interviews, surveys, and a literature review in assessing the leadership of information technology (defined as senior IT leaders, whether or not they aspired to be Chief Information Officers {CIOs} or not) in the higher education sector. It’s also a bit expensive, so I’m relating some of the key findings from a summary available from EDUCAUSE, instead of the full report. Keep in mind that the findings reflect those who responded to the survey (3,100 out of 19,787 who received surveys)
Continue reading “EDUCAUSE Analyzes University IT Workforce – Potential Shortage Ahead”

A Framework For Thinking About Surveillance

Calling on the Executive and Legislative branches of the U.S. Government to “systematically” review every counterterrorism program that deals with personal data and establish new privacy protections, the National Academies recently released a new report examining counterterrorism efforts and privacy rights. In usual academies fashion, the report is a tome. The august body convened a distinguished and diverse panel to produce a comprehensive report that lays out the entire context of discussion, makes recommendations, and offers a detailed framework for reviewing counterterrorism programs.

It makes two overarching recommendations:

  • U.S. government agencies should be required to follow a systematic process to evaluate the effectiveness, lawfulness, and consistency with U.S. values of every information-based program, whether classified or unclassified, for detecting and countering terrorists before it can be deployed, and periodically thereafter.
  • The U.S. government should periodically review the nation’s laws, policies, and procedures that protect individuals’ private information for relevance and effectiveness in light of changing technologies and circumstances. In particular, Congress should reexamine existing law to consider how privacy should be protected in the context of information-based programs (e.g., data mining) for counterterrorism.

Continue reading “A Framework For Thinking About Surveillance”

ACM Washington Update, Vol. 12.9 (October 7, 2008)

CONTENTS

[1] Newsletter Highlights
[2] Federal Investigators Criticize Voting Testing Lab Certification
[3] Congress Punts Again on Science Funding
[4] Congress Strengthens Cybercrime Enforcement
[5] Congress Targets Intellectual Property Infringers
[6] About USACM

[An archive of all previous editions of Washington Update is available at
http://www.acm.org/usacm/update/]
Continue reading “ACM Washington Update, Vol. 12.9 (October 7, 2008)”

Copyright Legislation Targets Counterfeiting and Infringement

In a sign that Congress isn’t focused exclusively on rescue plans, both houses recently passed the PRO-IP Act, legislation intended to fight copyright infringement and counterfeiting. The bill was championed by content providers, with some objections from non-profit and library groups, who would likely be caught up in the implementation of the law. Their opposition was likely a major influence on removing parts of the legislation that would have obligated the Attorney General to handle civil enforcement of copyright violations, something traditionally left to private parties.

The bill primarily increases penalties for copyright infringement and copyright counterfeiting (this would include penalties for trafficking in counterfeit goods). Some violations now have criminal penalties, including forfeiture, and other crimes have been elevated to felonies. Additionally, the bill establishes an Intellectual Property Enforcement Coordinator (IPEC) within the Executive Office of the President. The IPEC will develop a Joint Strategic Plan for IP enforcement and chair an interagency intellectual property enforcement advisory group. Other provisions allow for federal grants to support local law enforcement and other work to improve the tracking and enforcement of copyright piracy.

Other intellectual property bills are in process, but it’s unclear with the current legislative priority whether they will be resolved now, or in the next Congress.