Category Archives: Privacy and Security

’08 Tech Policy Outlook: Health Privacy and Health IT

A policy goal – like privacy protections – that has been tried repeatedly over the last few years has been legislation or other efforts to encourage the adoption of health information technology. Previous attempts have stalled somewhere in the halls of Congress, and the most recent health legislation – HIPAA – the Health Insurance Portability [...]

Posted in Privacy and Security | Comments closed

Increases Proposed for Basic Research Agencies; NIST Proposes New Cyber Security Program

For the past few years we’ve been following funding for three key physical science agencies — The National Science Foundation (NSF), The Department of Energy Office of Science (DoE), and the National Institute of Standards and Technology (NIST). Last week the President released his proposed budget for fiscal year 2009, which contains some healthy increases [...]

Also posted in Innovation

’08 Tech Policy Outlook: Identity Theft and Data Security

Our next post in this series on Technology Policy in 2008 focuses on two connected issues – Identity Theft and Data Security. Data breaches continue, as a recent theft of a hard drive at Georgetown University demonstrates. According to PrivacyRights.org, since January 2005 there have been over 218 million records exposed. To date a corresponding [...]

’08 Tech Policy Outlook: REAL ID

The release last Friday of the final rule for REAL ID did not mark the end of the road for this issue, but the end of the beginning. In this second of our series of posts taking a high-level look at various technology policy issues, we focus on REAL ID, and how it stands a [...]

REAL ID Final Rules – The Makeup Doesn’t Hide the Pig

Update January 17 – USACM issued a press release on the final rules, which is available online. As mentioned in the previous post, the Department of Homeland Security (DHS) released its final rules for the REAL ID program on Friday, January 11. Last May USACM submitted comments on the proposed rules released in March 2007, [...]

DHS Releases Final Rule on REAL ID

At a press conference earlier today, the Department of Homeland Security released the final rule on REAL ID. The press release summarizes the proposed changes – at least those addressing the deadlines for implementation. The Department released preliminary rules on REAL ID in March of 2007, and in May USACM submitted lengthy comments objecting to [...]

House Ways and Means Committee Introduces Social Security Number Bill

Yesterday the House Ways and Means Committee introduced a bill to reduce identity theft through restricting the use of the Social Security Number (SSN). After a series of 16 hearings on the issue, including one where USACM-EC Member Annie Antón testified, the Committee cited the easy availability of the SSN and its common use as [...]

Spyware Bill Would Define Zombies

Senator Pryor (D-AR) introduced S 1625, the Counter Spy Act, earlier this month. The bill joins other legislation, which has already passed the House, that will try and reduce the harm of spyware. Senator Pryor is no stranger to the issue – he spoke at our April briefing on botnets and was recently appointed co-chair [...]

USACM-EC Member Testifies on the Privacy and Security of Social Security Numbers

On Thursday, June 21, Dr. Annie Antón, Associate Professor of Software Engineering at North Carolina State University, testified in front of the Social Security Subcommittee of the House Ways and Means Committee on protecting the privacy and security of Social Security numbers. While the subcommittee did not have a specific bill to consider at this [...]

Also posted in ACM/USACM News

USACM-EC Member to Testify on Social Security Numbers

Update June 21 Dr. Antón’s testimony is now available online. Original Post – June 20 On Thursday, June 21, at 10:00 a.m., Annie Antón, USACM Executive Committee Member and Associate Professor of Software Engineering at North Carolina State University, will testify to Congress on behalf of USACM regarding the pervasive use of the Social Security [...]

Also posted in ACM/USACM News

USACM Member Encourages Safeguards for Employment Eligibility Verification System

On Thursday, June 7, Dr. Peter G. Neumann, Principal Scientist in the Computer Science Laboratory at SRI International, testified before the Social Security Subcommittee of the House Ways and Means Committee on the proposed Employment Eligibility Verification System, or EEVS. The EEVS is part of the immigration legislation recently debated in the Senate, and apparently [...]

Also posted in ACM/USACM News

USACM Member to Testify on Employment Eligibility Verification System

On Thursday, June 7, at 10:00 AM, Peter Neumann, USACM Member and Principal Scientist at SRI, will testify to Congress on behalf of USACM regarding proposals to expand and make mandatory the Employment Eligibility Verification System (EEVS). The EEVS is a query-based system that allows employers to verify the work-eligibility and identity documentation that employees [...]

Also posted in ACM/USACM News

Spyware Legislation Approved by Committees

In the last two weeks, two different spyware bills have been approved by two different House committees. On Thursday, the House Energy and Commerce Committee approved HR 964, the Securely Protect Yourself Against Cyber Trespass Act, or the SPY Act. This committee has approved similar bills in the previous two Congresses, only to see the [...]

USACM Urges Revisions to REAL ID Rules

Yesterday USACM filed detailed comments on the Department of Homeland Security’s draft rules for implementing the REAL ID Act. (For background, Congress passed the controversial REAL ID Act in 2005 over the objections of many privacy, security and technology experts. See our posts (1,2) about USACM’s comments on the law.)

Also posted in ACM/USACM News

Data Mining and Data Breach Legislation Advance in Congress

Last week the Senate Judiciary Committee sent S236, the Federal Agency Data Mining Reporting Act of 2007, to the Senate floor by a voice vote. The bill, which we posted about earlier this year, would require the federal government to report annually on the development and use of technologies that would mine data for patterns [...]

What to do about Botnets?

As mentioned on our blog last week (April 25) we cosponsored a Capitol Hill briefing with Microsoft about the growing threat of botnets. (See the post for more information on what botnets are.) Senators Pryor and Bennett made opening remarks about how the Internet is increasingly integrated into society and how computer security is an [...]

Also posted in ACM/USACM News

Briefing: Learning about the Threats from Botnets

Next Wednesday at 12:00 p.m., ACM and Microsoft are sponsoring a briefing to educate policymakers about the growing threat of botnets. For those not familiar with the issue, ‘bots are malicious software (viruses, worms, etc.) that take over an unsecured computer and place it under the control of a hacker or ‘bot herder’. These computers [...]

Also posted in ACM/USACM News

Data Mining Bill Voted out of Committee

The Senate Judiciary Committee sent S236, the Federal Agency Data Mining Reporting Act of 2007, to the Senate floor by a voice vote. The bill, which we posted about earlier this year, would require the federal government to report annually on the development and use of technologies that would mine data for patterns of criminal [...]

A Deeper Look At E-voting Reform

For the past few Congresses Representative Rush Holt (D-NJ) has taken the lead on legislation to reform electronic voting. Each year his efforts have garnered deep support from the Democratic party, but each year the legislation stalled with no Congressional action. With the Democrats now controlling Congress, Representative Holt reintroduced his legislation — the Voter [...]

Also posted in E-voting

Proposed REAL ID rules released

The Department of Homeland Security released a Notice of Proposed Rulemaking about the REAL ID Act on March 1. The proposed REAL ID rules are available in the Federal Register, and subject to a 60 day comment period. The release about the notice is here: http://www.dhs.gov/xprevprot/laws/gc_1172765386179.shtm The actual notice (162 pages) can be found here: [...]

USACM Submits Comments to Federal Identity Theft Task Force

In response to a request for public comment from the Federal Identity Theft Task Force, USACM submitted comments on Friday on the technical implications of several different proposals under consideration. The full text of the request for comment, which includes discussion of the use of Social Security numbers, the effectiveness of a possible nationwide policy [...]

Also posted in ACM/USACM News

NSA Wiretapping Program Will Be Supervised

The controversial National Security Agency (NSA) wiretapping program, which the Bush Administration has asserted did not need warrants to operate, has been changed. In an article published in today’s Washington Post (registration required), the Attorney General has stated this program will be subject to judicial review through the court that administers the Foreign Intelligence Surveillance [...]

Data Mining Attracts Congressional Attention

Two actions in recent days demonstrated the level of Congressional interest in privacy under the new Democratic Congress. The Senate Judiciary Committee held a hearing Wednesday on government data mining programs. You can access witness statements, member statements and the hearing webcast at that link. The new chairman, Senator Leahy of Vermont, indicated that there [...]

The Duck Quacks, New House and Senate Chairs Are Named

Congress’ very short lame-duck session came to an end early Saturday morning wrapping up a largely unproductive 109th Congress in the technology policy space. In the waning hours, Congress did pass a few tech-related measures, but left almost all of the funding and competitiveness bills on the table — including funding for the President’s American [...]

Also posted in E-voting, Innovation

TGDC Reverses Course, Finishes Meeting

Update – December 12 Materials from the meeting, including the webcast and text of the resolutions considered at the meeting, are now available on the NIST website. Original post – December 5 As I suggested in yesterday’s post the Technical Guidelines Development Committee (TGDC) did revisit the software independent proposal during today’s session. It was [...]

Also posted in E-voting

TGDC Decides Against Software Independent Systems

As Cameron posted to the blog yesterday, the Technical Guidelines Development Committee is meeting today and tomorrow at the NIST Gaithersburg facility to discuss its advice to the Election Assistance Commission for the 2007 Voluntary Voting System Guidelines. The meeting is being webcast and will be archived for later viewing. Presentation slides should also be [...]

Also posted in E-voting

USACM Urges Feds to Adopt Software Independent E-voting Systems

Update: The TGDC rejected NIST’s and the security subcommittee’s recommendations for software independent systems on a 6-6 tie vote. We’ve got a story about the meeting posted here. Update 2: The TGDC reversed course and adopted a compromise resolution that embraces the software independence concept. David posted a story about it here. Last Thursday we [...]

Also posted in ACM/USACM News, E-voting

Copyright Office Grants Malware Research Exemption to DMCA

We are playing a bit of catch up after the Thanksgiving holiday, so this story is not new news but we wanted to get it on the blog anyway. Last week (the afternoon before Thanksgiving Day) the Library of Congress released its final recommendations for exemptions to the anti-circumvention provisions of the Digital Millennium Copyright [...]

Also posted in Intellectual Property

Meet the New Boss: Outlook for Technology Policy in the Next Congress

Update 11/16/06: One of the problems of doing a laundry-list type post like this is that you miss some issues, and some nuance when trying to summarize complex policy issues. Notably missing from this list are issues such as patent reform and reviving the Office of Technology Assessment (OTA). We don’t follow patent reform very [...]

Also posted in E-voting, Education and Workforce, Innovation, Intellectual Property

Next Big Electronic Voting Test 11 Days Away

Election Day in the United States – November 7 – is approaching fast. Issues with electronic voting, whether it’s the voting machines, the voter registration databases, or other problems with the process, continue to crop up in the press. This has led to some concern on the part of members of the Election Assistance Commission [...]

Also posted in E-voting

Data Breaches Still a Problem

Update – October 16 – The House Government Reform Committee has released a Staff Report on the data breach information they have received. Perhaps as troublesome as the number of events is the extent to which agencies may be unaware of what they’ve lost. Original Post – October 12 There have been a large number [...]

USACM Member To Advise Government on Privacy

Last week the Department of Homeland Security appointed Annie Anton (Professor of Software Engineering at North Carolina State University and USACM-EC member) to serve on the Data Privacy and Integrity Advisory Committee. She is the second USACM member to join the panel. Dr. Lance Hoffman (George Washington University) was appointed to serve last year. The [...]

Also posted in ACM/USACM News

New Health IT Legislation

On Wednesday, September 13, the Federal Workforce and Agency Organization subcommittee of the House Government Reform Committee approved a bill to spur the development of electronic health records for federal employees. The legislation, The Federal Family Health Information Technology Act (HR 4859), would establish the health records through the Federal Employees Health Benefits Program. This [...]

Government Actions Supporting Data Protection

Two items showing the ongoing struggle to maintain the security of personal information. Government Computer News reported in their July 24 issue that the Office of Management and Budget has tightened requirements for federal agencies to report data breaches. Responding to recently reported data breaches, the OMB guidance reinforces much of current federal law in [...]

Veterans’ Affairs Data Breach Legislation

The House Veterans Affairs Committee, responding to the May 2006 theft of a laptop containing information on over 26 million veterans and active duty personnel, has approved legislation improving and reorganizing cybersecurity activities in the Department of Veterans’ Affairs. This follows a series of hearings the committee has held over the last 2 months – [...]

USACM Chair, Eugene Spafford, Calls for More Accountability at the VA

Testifying before Congress about the recent data breach at the Veterans Affairs (VA) Department, Eugene Spafford (Spaf) argued that this breach was a policy problem rather than a technology one. (His full testimony can be found here.) Noting that government, industry and academia all have systemic problems with how accountability is built into information security policies, two [...]

Also posted in ACM/USACM News

USACM Releases Privacy Policy Recommendations

With security breaches revealing millions of personal records, new surveillance programs being adopted by law enforcement, calls for data to be retained longer by Internet Service Providers, the role of privacy and technology is very much on the minds of policymakers. The most common refrain from advocates is for Congress to enact a comprehensive privacy [...]

Also posted in ACM/USACM News

VA Department Loses Personal Information On 26.5 Million Vets

Many privacy advocates dubbed 2005, “The Year of Data Breach.” Perhaps the term should be amended to “the years” or even “decade” with yet another announcement of a massive loss of data. This time a Department of Veterans Affairs (VA) employee took a laptop home, which was then stolen, that had personal information (including social [...]

NSA Building Massive Database Of Domestic Calls, Senate Judiciary To Hold Hearings

In the wake of today’s USA Today story shedding new light on the National Security Agency’s (NSA) Terrorist Surveillance Program, CQ.com (sub. required) is reporting that the Senate Judiciary Committee will call representatives of three major telephone companies to testify before the panel.

USACM Calls On Congress to Protect Patients Privacy Rights

Last week, USACM joined a diverse collection of consumer, privacy, technology, and other groups calling on Congress to ensure that patient privacy rights are part of any federal health information technology legislation. Policy issues associated with health information technology usage are clearly a growing area of interest for policy makers with initiatives from both President [...]

Also posted in ACM/USACM News

Mixed Bag Data Security Legislation Inches Forward, USACM Comments on Proposal

Today Congress took another step forward in trying to deal with the numerous data breaches that continue to make news as the House Energy and Commerce Committee unanimously passed legislation (H.R. 4127) that would force companies to shore up their security practices. We’ve covered this issue in other posts (1,2), but for background the legislation [...]

Also posted in ACM/USACM News

USACM Releases Major Study on Voter Registration Databases

Update 2/17/06: Declan McCullagh wrote a nice story about the study for CNET News.com. Original Post 2/16/06: Citing the danger of voter fraud and disenfranchisement from poorly implemented databases, a committee of experts commissioned by USACM released a report today making almost 100 recommendations to state and local officials charged with creating and managing statewide voter [...]

Also posted in ACM/USACM News, E-voting

ChoicePoint gets largest ever FTC civil penalty

ChoicePoint, the data broker at the center of the data breach controversy that erupted last year (and continues to play out even now), has received a $10 million fine from the Federal Trade Commission and, in addition, has agreed to contribute another $5 million to a fund aimed at helping those who were harmed following [...]

USACM urges policymakers to adopt a broader view of data security

Following last year’s numerous high-profile data breaches (which we’ve been covering closely), there are now numerous pieces of data security and privacy legislation pending in Congress — coming under the jurisdiction of numerous committees and using a range of different approaches. Indeed, the field is so crowded that it’s difficult to tell which bills have [...]

Also posted in ACM/USACM News

Sony BMG settling “rootkit” cases

Last week the Wall Street Journal [subsc. req'd] reported that Sony BMG has reached tentative settlements in a number of class-action lawsuits brought against the company as a result of the recent “rootkit” fiasco (described in our November newsletter). According to the Journal article, the settlements provide that … consumers would be able to [...]

Also posted in Intellectual Property

USACM chair comments on Pentagon cybersecurity

Prof. Eugene Spafford, USACM Chair and executive director of Purdue University’s Center for Education and Research in Information Assurance and Security (CERIAS), was interviewed recently as part of a National Public Radio (NPR) Morning Edition piece on Department of Defense (DOD) cybersecurity: Pentagon Faces Computer Security Problems by Vicky O’Hara Morning Edition, December 12, 2005 [...]

Also posted in ACM/USACM News

IT heavyweight joins push for preemptive federal privacy legislation

Recently, Microsoft added its voice to those calling for uniform federal privacy legislation that preempts individual state laws. Brad Smith, a senior VP and general counsel for the company, made the announcement at a recent Congressional Internet Caucus gathering: Over the past few years … several factors have altered the privacy landscape in such a [...]

USACM Chair cautions against underfunding cybersecurity research

USACM Chair Gene Spafford testified today at a House Armed Services Committee hearing as part of a cybersecurity panel on “Asymmetric and Unconventional Threats.” He was joined on the panel by David Grawrock (Intel) and Paul Kurtz (Cyber Security Industry Alliance). Spafford’s written testimony can be found here. In his oral comments, Spafford stressed several [...]

Also posted in ACM/USACM News, Innovation

Senate to Move Data Security Legislation

Update (10/25/05) — As promised below, click here to see an updated comparison of the four bills mentioned in the original post. Last week we reported that the Senate Judiciary Committee — a major player in the effort to enact federal data security legislation — moved Senator Jeff Sessions’ (R-AL) legislation (S. 1326) intended to [...]

Senate committee approves privacy/data protection bill

Thursday the Senate Judiciary committee approved (by voice vote) Senator Jeff Sessions’ (R-AL) “Notification of Risk to Personal Data Act” (S. 1326). The bill calls for the creation of data protection programs, mandates security breach notifications, and provides for the preemption of similar state laws. It was one of a number of data protection bills [...]

Little progress seen toward securing nation’s critical infrastructure

The House Homeland Security Committee yesterday heard testimony regarding the security of the nation’s supervisory control and data acquisition (SCADA) systems — the computer systems used to control such things as water flow through dams, the operation of power plants, and so on. The occasion was a joint hearing between the Subcommittee on Economic Security, [...]

USACM and others criticize DOD export proposal

USACM and more than 100 other respondents recently filed comments with the Department of Defense criticizing its proposed changes to the Defense Federal Acquisition Regulation Supplement (DFARS). Among other things, the proposal mandates that all DOD contracts include a clause requiring contractors to 1. Create and maintain unique badges for foreign nationals and foreign persons [...]

Also posted in ACM/USACM News

Spafford and Lazowska on cybersecurity R&D

There are a couple of interesting cybersecurity items currently worthy of your attention: * USACM Chair Eugene Spafford makes comments on the Department of Defense’s approach to cybersecurity in a recent Federal Computer Week article: [...] Spafford said incremental changes will not strengthen existing networks and a whole new approach [to DOD cybersecurity] is needed. [...]

Carter-Baker Commission gets it partly right

Update (Sept. 26) — Carter and Baker have issued a response to some of the criticism their report has received — their comments appeared in the NY Times on Sept. 23 and are available here. As pointed out in today’s Washington Post, the Federal Commission on Election Reform (led by former president Jimmy Carter and [...]

Also posted in E-voting

Department of Commerce gets an earful on proposed export rule changes

At around 84 megabytes, the PDF file containing the largely negative response to the Department of Commerce Bureau of Industry and Security’s (BIS’s) recent advanced notice of proposed rulemaking regarding proposed changes to U.S. deemed export regulations is one hefty document. It contains the comments of over 300 respondents — universities, researchers, scientists, medical organizations, [...]

Also posted in Innovation

States balk at Real ID Act’s price tag

The Seattle Post-Intelligencer reports on the feelings of some state lawmakers (who are gathering this week for a meeting of the National Conference of State Legislatures) regarding the impending implementation of the Real ID Act. The crux of the issue for many state lawmakers is just who should pay the act’s costs: [State leaders at [...]

California bill would limit state’s use of RFID in identification cards

With things relatively quiet in Washington just now (it is August, after all), we have a chance to take a closer look at an interesting law that is pending in the California legislature: S.B. 682, Senator Simitian’s “Identity Information Protection Act.” The bill has two main purposes: 1. Prohibit the inclusion of “contactless integrated circuit” [...]

Senate Commerce Committee joins the data security & privacy fray

Not to be outdone by other Congressional committees working to address the current data security and privacy crisis illustrated by this year’s numerous data breach disclosures and controversies, the Senate Commerce committee has decided to wade into the debate and is set to markup S. 1408 on Thursday. The bill, dubbed the Identity Theft Protection [...]

Pentagon seeking new controls on foreign researchers’ access to sensitive tech

A recent article in the Chronicle of Higher Education [subscription req'd] points us to proposed rule changes from the Department of Defense that would create new restrictions on foreign researchers’ access to export-controlled technology: The proposed rules would require foreign researchers to wear badges and would require laboratories to contain segregated work areas to control [...]

Data security & privacy bill part of a crowded Senate agenda (Part 2)

In part one, we took a look at some of the bill’s basic characteristics, its political context, and its likely prospects. In this part, we’ll address what we see as some areas of concern with the bill: Complexity, Imprecision — The bill sets forth a very dense, complex regulatory framework for data security and protecting [...]

Data security & privacy bill part of a crowded Senate agenda (Part 1)

Senator Russ Feingold (D-Wis.) recently added his support to the “Personal Data Privacy and Security Act” (S. 1332), an important bill from Senators Specter and Leahy that we described briefly in a recent post. At over 90 pages, the bill is a comprehensive (and complex) attempt to address the privacy and security issues that have [...]

Specter, Leahy introduce Personal Data Privacy and Security Act

Reacting to the current troubling situation regarding data security and privacy in the U.S., two powerful senators introduced legislation yesterday designed to better protect sensitive personal information. Senator Arlen Specter (R-PA) and Senator Patrick Leahy (D-VT) — the two most powerful members of the Senate Judiciary Committee — put forward the “Data Privacy and Security [...]

Proposed Export Rules Could Stifle Innovation

Update: Many organizations filed comments with BIS (the rumor has it around 200). The only one that we have seen so far (besides the CRA link at the bottom) is by the Association of American Universities. Apparently many business groups filed as well, including several IT and trade associations. We’ll post links to the big [...]

Also posted in ACM/USACM News, Innovation

Latest data breach may fuel the push for federal regulation of data security

The NY Times has more information (and two follow-up articles) about the staggering loss of data at a credit card transaction processing company that came to light over the weekend: The security breach was first reported Friday when MasterCard International said a lapse at CardSystems had allowed the installation of a rogue computer program that [...]

Senators considering ID theft solutions

Update – June 18: Details are emerging this weekend of a very large scale data breach of credit card data at a transaction processing center affecting some 40 million files. More details are available at the Washington Post and the NY Times. Yesterday the Senate Commerce, Science & Transportation Committee held a hearing on identity [...]

Private investigators getting nervous

The Washington Post has an article today about the ongoing work of private investigators to prevent policymakers (and some data brokers) from limiting their access to Social Security numbers, a key tool of their trade for tracking individuals: Private investigators are working to blunt legislation that cracks down on the active marketplace for Social Security [...]

Citigroup reveals data loss

Update: The NY Times published a thoughtful follow-up article on data security today. Citigroup has become the latest member of a group of large companies that have suffered major data losses or breaches in the last several months. As reported in today’s Washington Post: A unit of financial services giant Citigroup Inc. said yesterday that [...]

USACM Urges Reconsideration of Real ID Provisions

The Electronic Privacy Information Center (EPIC) convened a meeting today to look into the range of policy, technical, and social issues surrounding national identification systems in light of the recently passed Real ID Act, something we’ve been quite active on recently. In April, USACM sent the Senate a letter outlining its concerns about the security [...]

Also posted in ACM/USACM News

NYT: Virtually Unprotected

The NY Times ran an editorial today sounding the cybersecurity alarm (again): [...] Experts have long warned that the nation’s power, transportation and communications systems are vulnerable to “cyberattacks” that could devastate the economy and cause huge damage to life and property. Now a new government report has concluded that far too little is being [...]

Spyware bills pass House

With most eyes focused (understandably) on the Senate’s judicial filibuster fight, the House of Representatives yesterday passed two pieces of spyware legislation: H.R. 29 — Rep. Mary Bono’s (R-CA) Securely Protect Yourself Against Cyber Trespass Act (SPY Act), which would, among other things, prohibit deceptive acts or practices intended to take unsolicited control of the [...]

Posted in Privacy and Security | Comments closed

Little clearing in privacy/personal information issues

Federal Trade Commission (FTC) Commissioner Orson Swindle had some strong words recently for business leaders attending a meeting on cybercrime convened by the Business Software Alliance and the Center for Strategic and International Studies (as reported in National Journal’s Tech Daily [subscription req'd]): “Industry has been irresponsible, and someone’s got to pay,” [he said ...] Swindle [...]

Posted in Privacy and Security | Comments closed

Murky Waters Begin to Clear: House Moves Cybersecurity Issues Forward

In a previous post (recommended reading for background to this post), we outlined House Homeland Security Chairman Cox’s (R-CA) efforts to add cybersecurity provisions to the Department of Homeland Security Authorization Act. The leading idea was to give cybersecurity more political clout within the department by moving it higher up on the bureaucratic food chain. [...]

Posted in Privacy and Security | Comments closed

ID Theft and Phishing Converge to Pose New Threat

News.com has a rather troubling article today about how ID theft and phishing are converging to create a new, very active threat to electronic commerce. Here is the key excerpt: According to Cyota, the phishing e-mails arrive at bank customers’ in-boxes featuring accurate account information, including the customer’s name, e-mail address and full account number. [...]

Posted in Privacy and Security | Comments closed

Congress Passes Real ID Act

Update 5/10/05: The Senate passed the supplemental appropriations conference report tonight by a vote of 100-0. Update 5/6/05: The House passed the supplemental appropriations conference report yesterday by an overwhelming margin, 368-58-1. Original Post 5/5/05: The House and Senate have reached agreement on the Real ID Act. We posted the final agreement here. It is largely the [...]

Posted in Privacy and Security | Comments closed

Schneier on Real ID

Security expert Bruce Schneier has a sobering post on the Real ID Act today: REAL ID The United States is getting a national ID card. The REAL ID Act … establishes uniform standards for state driver’s licenses, effectively creating a national ID card. It’s a bad idea, and is going to make us all less [...]

Posted in Privacy and Security | Comments closed

Congress May Require Closer Scrutiny to Get a Driver’s License

From the front page of today’s NY Times, an article on the Real ID Act’s progress: WASHINGTON, May 2 – Congress is moving quickly toward setting strict rules on how states issue driver’s licenses, requiring them to verify whether each applicant for a new license or a renewal is in this country legally. A House [...]

Posted in Privacy and Security | Comments closed

Cyber Czar Legislation Takes First Step in Congress

Update 5/2/05: Last week, the Homeland Security Committee folded the “cyber czar” legislation (see below), pretty much as is, into the Department of Homeland Security Authorization Act of 2006. This massive bill reauthorizes and updates many different programs at the department. The Committee did add two items to the cybersecurity provisions. The first is a [...]

Posted in Privacy and Security | Comments closed

Senate Dumps Real ID Act, But Legislation is Far From Dead

Update 4/28/05: Proving that Congress can move quickly when it needs to, CQ.com is reporting (sub. req.) that conferees on the supplemental appropriations bill are close to a deal. Earlier in the week Senate Minority Leader Harry Reid (D-NV) was quoted as saying that immigration provisions in the supplemental were likely to be included in [...]

Posted in Privacy and Security | Comments closed

Alleged ID theft at DC Blockbuster

From an article in this morning’s Washington Post: A former employee of the Blockbuster video store in [Washington's] Dupont Circle [neighborhood] has been indicted on charges of stealing customers’ identities, then using them to buy more than $117,000 in trips, electronics and other goods, including a Mercedes-Benz. A grand jury charged that Miles N. Holloman [...]

Posted in Privacy and Security | Comments closed

Chairman Barton speaks out again on protecting personal information

The New York Times recently ran an editorial pointing out how crucial California’s data breach notification law has been in bringing to light the current vulnerabilities of personal information:

Posted in Privacy and Security | Comments closed

WSJ article points to relative weakness of US online banking security

The Wall Street Journal (subscription required) has an article today that describes how many European banks have tighter security for online banking:

Posted in Privacy and Security | Comments closed

Data brokers continue to face intense scrutiny from lawmakers

Chairman Arlen Specter (R-PA) presided over a Senate Judiciary Committee hearing yesterday looking further into recent breaches of personal information at data brokers like ChoicePoint, LexisNexis, and Acxiom. The hearing served to deepen the sense in Washington that Congressional action to regulate data brokers and the commercial use of personal information is inevitable at this [...]

Posted in Privacy and Security | Comments closed

Questions (and suggestions) about DHS CPO

Declan McCullagh’s most recent article provides some interesting insight into the power and effectiveness of the Department of Homeland Security’s Chief Privacy Officer (CPO), Nuala O’Connor Kelly. The article seems to reinforce the notion that privacy concerns aren’t always taken as seriously within DHS as they are within other organizations that have CPOs: Nuala O’Connor [...]

Posted in Privacy and Security | Comments closed

From bad to worse

If you were thinking that the controversy over recent large-scale data breaches and identity theft was settling down into a nice orderly policy debate, think again: LexisNexis Data on 310,000 People Feared Stolen NEW YORK/AMSTERDAM (Reuters) – Data broker LexisNexis said Tuesday that personal information may have been stolen on 310,000 U.S. citizens, or nearly [...]

Posted in Privacy and Security | Comments closed

States Scramble To Protect Data

“Legislatures in more than two dozen states are considering ways to give consumers more control over personal information that is collected and sold by private firms, but many of the proposals are drawing fire from financial services companies. Bills are on the table in 28 states responding to a series of high-profile security breaches at [...]

Posted in Privacy and Security | Comments closed

DHS privacy chief advises new panel to focus on due process, redress

Wednesday (April 6) saw the first meeting of the Department of Homeland Security’s new Data Privacy and Integrity Advisory Committee (the creation of which we covered earlier here). The 20-member committee will be led by the Heritage Foundation’s Paul Rosenzweig (chair) and Lisa Sotto (vice chair), a Hunton and Williams partner. The committee heard from [...]

Posted in Privacy and Security | Comments closed

USACM Questions Real ID Act’s Security Standards

Citing the increased risk of identity theft the proposed Real ID Act would create, today USACM sent a letter (HTML, PDF) to Senator Lamar Alexander (R-TN) expressing its concerns about the legislation. Last week, Senator Alexander penned an op-ed stating that while he wasn’t necessarily opposed to national IDs, the Real ID Act wasn’t the [...]

Also posted in ACM/USACM News | Comments closed

Senate Balks at Real ID Act

Congressional Quarterly is reporting (subscription required) that the Senate will strip the Real ID Act from the supplemental appropriations bill when it considers the legislation in committee next week. Ultimately this means that the House and Senate will battle over this provision during conference negotiations, which should happen quickly after Senate passage.

Posted in Privacy and Security | Comments closed

USACM Calls For Stronger Cybersecurity In Power Plants

In a letter to the Nuclear Regulatory Commission (NRC), USACM advocates for stronger cybersecurity in power plants across the nation. The letter points out the critical role of computer-controlled safety systems in today’s power plants and the importance of securing these systems: “Cybersecurity experts often cite the importance of supervisory control and data acquisition (SCADA) [...]

Also posted in ACM/USACM News | Comments closed

Congress Organizes (Finally), Penalties On Phishing And Pharming Sought

The Ides of March have come and gone, and apparently considering themselves safe, Senators have finally (and formally) organized the Senate Judiciary Committee. As we previously reported, Senator Orrin Hatch (R-UT) will chair a newly created Senate Intellectual Property Subcommittee, which gives IP issues their own forum in an otherwise busy committee. Public Knowledge President [...]

Also posted in Intellectual Property | Comments closed