Author Archives: David

ChoicePoint, the data broker at the center of the data breach controversy that erupted last year (and continues to play out even now), has received a $10 million fine from the Federal Trade Commission and, in addition, has agreed to contribute another $5 million to a fund aimed at helping those who were harmed following [...]

Recently, Microsoft added its voice to those calling for uniform federal privacy legislation that preempts individual state laws. Brad Smith, a senior VP and general counsel for the company, made the announcement at a recent Congressional Internet Caucus gathering: Over the past few years … several factors have altered the privacy landscape in such a [...]

Thursday the Senate Judiciary committee approved (by voice vote) Senator Jeff Sessions’ (R-AL) “Notification of Risk to Personal Data Act” (S. 1326). The bill calls for the creation of data protection programs, mandates security breach notifications, and provides for the preemption of similar state laws. It was one of a number of data protection bills [...]

The House Homeland Security Committee yesterday heard testimony regarding the security of the nation’s supervisory control and data acquisition (SCADA) systems — the computer systems used to control such things as water flow through dams, the operation of power plants, and so on. The occassion was a joint hearing between the Subcommittee on Economic Security, [...]

There are a couple of interesting cybersecurity items currently worthy of your attention: * USACM Chair Eugene Spafford makes comments on the Department of Defense’s approach to cybersecurity in a recent Federal Computer Week article: [...] Spafford said incremental changes will not strengthen existing networks and a whole new approach [to DOD cybersecurity] is needed. [...]

The Seattle Post-Intelligencer reports on the feelings of some state lawmakers (who are gathering this week for a meeting of the National Conference of State Legislatures) regarding the impending implementation of the Real ID Act. The crux of the issue for many state lawmakers is just who should pay the act’s costs: [State leaders at [...]

With things relatively quiet in Washington just now (it is August, after all), we have a chance to take a closer look at an interesting law that is pending in the California legislature: S.B. 682, Senator Simitian’s “Identity Information Protection Act.” The bill has two main purposes: 1. Prohibit the inclusion of “contactless integrated circuit” [...]

Not to be outdone by other Congressional committees working to address the current data security and privacy crisis illustrated by this year’s numerous data breach disclosures and controversies, the Senate Commerce committee has decided to wade into the debate and is set to markup S. 1408 on Thursday. The bill, dubbed the Identity Theft Protection [...]

A recent article in the Chronicle of Higher Education [subscription req'd] points us to proposed rule changes from the Department of Defense that would create new restrictions on foreign researchers’ access to export-controlled technology: The proposed rules would require foreign researchers to wear badges and would require laboratories to contain segregated work areas to control [...]

In part one, we took a look at some of the bill’s basic characteristics, its political context, and its likely prospects. In this part, we’ll address what we see as some areas of concern with the bill: Complexity, Imprecision — The bill sets forth a very dense, complex regulatory framework for data security and protecting [...]

Senator Russ Feingold (D-Wis.) recently added his support to the “Personal Data Privacy and Security Act” (S. 1332), an important bill from Senators Specter and Leahy that we described briefly in a recent post. At over 90 pages, the bill is a comprehensive (and complex) attempt to address the privacy and security issues that have [...]

Reacting to the current troubling situation regarding data security and privacy in the U.S., two powerful senators introduced legislation yesterday designed to better protect sensitive personal information. Senator Arlen Specter (R-PA) and Senator Patrick Leahy (D-VT) — the two most powerful members of the Senate Judiciary Committee — put forward the “Data Privacy and Security [...]

The NY Times has more information (and two follow-up articles) about the staggering loss of data at a credit card transaction processing company that came to light over the weekend: The security breach was first reported Friday when MasterCard International said a lapse at CardSystems had allowed the installation of a rogue computer program that [...]

Update – June 18: Details are emerging this weekend of a very large scale data breach of credit card data at a transaction processing center affecting some 40 million files. More details are available at the Washington Post and the NY Times. Yesterday the Senate Commerce, Science & Transportation Committee held a hearing on identity [...]

The Washington Post has an article today about the ongoing work of private investigators to prevent policymakers (and some data brokers) from limiting their access to Social Security numbers, a key tool of their trade for tracking individuals: Private investigators are working to blunt legislation that cracks down on the active marketplace for Social Security [...]

Update: The NY Times published a thoughtful follow-up article on data security today. Citigroup has become the latest member of a group of large companies that have suffered major data losses or breaches in the last several months. As reported in today’s Washington Post: A unit of financial services giant Citigroup Inc. said yesterday that [...]

The NY Times ran an editorial today sounding the cybersecurity alarm (again): [...] Experts have long warned that the nation’s power, transportation and communications systems are vulnerable to “cyberattacks” that could devastate the economy and cause huge damage to life and property. Now a new government report has concluded that far too little is being [...]

With most eyes focused (understandably) on the Senate’s judicial filibuster fight, the House of Representatives yesterday passed two pieces of spyware legislation: H.R. 29 — Rep. Mary Bono’s (R-CA) Securely Protect Yourself Against Cyber Trespass Act (SPY Act), which would, among other things, prohibit deceptive acts or practices intended to take unsolicited control of the [...]

Federal Trade Commissioner (FTC) Orson Swindle had some strong words recently for business leaders attending a meeting on cybercrime convened by the Business Software Alliance and the Center for Strategic and International Studies (as reported in National Journal’s Tech Daily [subscription req'd]): “Industry has been irresponsible, and someone’s got to pay,” [he said ...] Swindle [...]

Security expert Bruce Schneier has a sobering post on the Real ID Act today: REAL ID The United States is getting a national ID card. The REAL ID Act … establishes uniform standards for state driver’s licenses, effectively creating a national ID card. It’s a bad idea, and is going to make us all less [...]

From the front page of today’s NY Times, an article on the Real ID Act’s progress: WASHINGTON, May 2 – Congress is moving quickly toward setting strict rules on how states issue driver’s licenses, requiring them to verify whether each applicant for a new license or a renewal is in this country legally. A House [...]

From an article in this morning’s Washington Post: A former employee of the Blockbuster video store in [Washington's] Dupont Circle [neighborhood] has been indicted on charges of stealing customers’ identities, then using them to buy more than $117,000 in trips, electronics and other goods, including a Mercedes-Benz. A grand jury charged that Miles N. Holloman [...]

The New York Times recently ran an editorial pointing out how crucial California’s data breach notification law has been in bringing to light the current vulnerabilities of personal information:

The Wall Street Journal (subscription required) has an article today that describes how many European banks have tighter security for online banking:

Chairman Arlen Specter (R-PA) presided over a Senate Judiciary Committee hearing yesterday looking further into recent breaches of personal information at data brokers like ChoicePoint, LexisNexis, and Acxiom. The hearing served to deepen the sense in Washington that Congressional action to regulate data brokers and the commercial use of personal information is inevitable at this [...]

Declan McCullagh’s most recent article provides some interesting insight into the power and effectiveness of the Department of Homeland Security’s Chief Privacy Officer (CPO), Nuala O’Connor Kelly. The article seems to reinforce the notion that privacy concerns aren’t always taken as seriously within DHS as they are within other organizations that have CPOs: Nuala O’Connor [...]

If you were thinking that the controversy over recent large-scale data breaches and identity theft was settling down into a nice orderly policy debate, think again: LexisNexis Data on 310,000 People Feared Stolen NEW YORK/AMSTERDAM (Reuters) – Data broker LexisNexis said Tuesday that personal information may have been stolen on 310,000 U.S. citizens, or nearly [...]

“Legislatures in more than two dozen states are considering ways to give consumers more control over personal information that is collected and sold by private firms, but many of the proposals are drawing fire from financial services companies. Bills are on the table in 28 states responding to a series of high-profile security breaches at [...]

Wednesday (April 6) saw the first meeting of the Department of Homeland Security’s new Data Privacy and Integrity Advisory Committee (the creation of which we covered earlier here). The 20-member committee will be led by the Heritage Foundation’s Paul Rosenzweig (chair) and Lisa Sotto (vice chair), a Hunton and Williams partner. The committee heard from [...]

One thing became crystal clear during this week’s hearings involving the leaders of information brokers ChoicePoint and LexisNexis (among others) by a House Energy and Commerce subcommittee and the Senate Banking Committee (here and here): namely, the intent of policymakers to take action toward regulating the information brokerage industry. Indeed, the question now is less [...]

Some strong words from powerful policymakers in a NY Times article today: “I personally see no socially redeeming value in anyone having the right to give away and sell my personal information unless I approve it,” the chairman of the House Energy and Commerce Committee, Joe Barton, said yesterday. “Under current law these companies [information [...]

LexisNexis, a large international provider of legal and business data, announced today that it, too, had recently been the vicitim of identity thieves. A Washington Post article this afternoon describes how “data on 32,000 consumers was fraudulently gathered in a series of incidents.” Among the data were such things as names, addresses, Social Security numbers [...]

U.S. Rep. Mary Bono’s (R-CA) “Securely Protect Yourself Against Cyber Trespass Act (or “SPY ACT”) passed another hurdle earlier today as the full House Energy and Commerce Committee held a hearing to mark up H.R. 29. The measure has fairly wide bipartisan support and counts 58 cosponsors as of this writing.

“Have you ever wondered what good it does when they look at your driver’s license at the airport? Let me assure you, as a former bureaucrat partly responsible for the 1996 decision to create a photo-ID requirement, it no longer does any good whatsoever. [...] Congress is debating the Real ID bill [click here for [...]

“[...] For years, fears of identity theft and improper disclosure of private information have fueled calls for tighter regulation of the mountains of personal data now electronically available to employers, insurance companies, lenders and others. Those anxieties have risen since ChoicePoint revealed last month that alleged identity thieves had duped the company into selling the [...]

“The recently disclosed privacy breach at the data collection giant ChoicePoint, in which con artists gained access to the Social Security numbers, addresses and other personal data of nearly 145,000 people, has exposed the shortcomings of the laws governing the data-mining industry and consumer privacy. [...] But whatever the specific legal fallout of the ChoicePoint [...]

“A major break-in at one of the nation’s largest information brokers could usher in regulation for companies that have trafficked in data unfettered for years, computer-security experts and privacy advocates say. New York, Texas and Georgia are among states pressing for laws that mirror California’s breach law, which requires companies to notify residents if their [...]

“A California woman has sued ChoicePoint Inc. for fraud and negligence after criminals gained access to a database of personal records compiled by the company. The suit, which seeks class-action status, was filed in Los Angeles Superior Court last Friday and claims that for at least five months the company failed to adequately protect people’s [...]

“[...] At America’s insistence, passports are about to get their biggest overhaul since they were introduced. They are to be fitted with computer chips that have been loaded with digital photographs of the bearer (so that the process of comparing the face on the passport with the face on the person can be automated), digitised [...]

“One of the nation’s largest commercial information services said yesterday that thousands of Washington area residents were among those whose personal and financial details were sold to fraud artists apparently behind a nationwide identity theft scheme. As many as 4,500 residents in the District, Maryland and Virginia were among up to 145,000 people whose names, [...]

“One of the nation’s biggest information services has begun warning more than 100,000 people across the country they may be targets of fraud, following disclosures the company inadvertently sold personal and financial records to fraud artists apparently involved in a massive identity theft scheme. ChoicePoint Inc. electronically delivered thousands of reports containing names, addresses, Social [...]

Declan McCullagh has a new article about the Real ID Act, which (as we reported here) easily passed the House of Representatives last week. Among other things, Declan reports on the opposition to the bill by Rep. Ron Paul (R-TX), one of “eight Republicans to object to the measure.” Declan also addresses the legislation’s chances [...]

“Criminals posing as legitimate businesses have accessed critical personal data stored by ChoicePoint Inc., a firm that maintains databases of background information on virtually every U.S. citizen, MSNBC.com has learned. The incident involves a wide swath of consumer data, including names, addresses, Social Security numbers, credit reports and other information. ChoicePoint aggregates and sells such [...]

Yesterday House Judiciary Committee Chairman James Sensenbrenner’s (R-WI) immigration bill, the Real ID Act (H.R. 418), was passed by the U.S. House of Representatives. The bill is intended to disrupt terrorist travel and bolster U.S. border security and includes much of the immigration reform language that was dropped from last year’s intelligence overhaul legislation (discussed [...]

“SUTTER, Calif. (AP) — The only grade school in this rural town is requiring students to wear radio frequency identification badges that can track their every move. Some parents are outraged, fearing it will take away their children’s privacy. The badges introduced at Brittan Elementary School on Jan. 18 rely on the same radio frequency [...]