Privacy Digest

Feds Charge 11 in Breaches at TJ Maxx, OfficeMax, DSW, Others - Via Threat Level:

A key Secret Service informant and 10 other men in five countries were hit with federal indictments in Boston and San Diego Tuesday in connection with virtually every major breach of U.S. retail networks in the past four years, including the 2005-2007 intrusion into clothier TJ Maxx, in which millions of credit and debit card numbers were stolen.

"As far as we know, this is the single largest and most complex identity theft case ever prosecuted in this country," said U.S. Attorney General Michael Mukasey, in a press conference announcing the prosecutions in Boston Tuesday.  read more »

Prescription Data Used To Assess Consumersv - Via washingtonpost.com :

Health and life insurance companies have access to a powerful new tool for evaluating whether to cover individual consumers: a health "credit report" drawn from databases containing prescription drug records on more than 200 million Americans.

Collecting and analyzing personal health information in commercial databases is a fledgling industry, but one poised to take off as the nation enters the age of electronic medical records. While lawmakers debate how best to oversee the shift to computerized records, some insurers have already begun testing systems that tap into not only prescription drug information, but also data about patients held by clinical and pathological laboratories.

Traditionally, insurance companies have judged an applicant's risk by gathering medical records from physicians' offices. But the new tools offer the advantage of being "electronic, fast and cheap," said Mark Franzen, managing director of Milliman IntelliScript, which provides consumers' personal drug profiles to insurers.

The trend holds promise for improved health care and cost savings, but privacy and consumer advocates fear it is taking place largely outside the scrutiny of federal health regulators and lawmakers.  read more »

11 Charged In TJX, Other Breaches - Via Slashdot: Your Rights Online:

coondoggie writes "The Justice Department has charged 11 people in connection with the massive theft of credit card numbers from various retailers, including TJX, BJs and OfficeMax. Authorities say the group charged was involved in the theft of more than 40 million credit and debit card numbers. In an indictment returned today by a federal grand jury in Boston, Albert 'Segvec' Gonzalez, of Miami, was charged with computer fraud, wire fraud, access device fraud, aggravated identity theft, and conspiracy for his role in the scheme. Others indicted are from the US, Estonia, China, and Belarus." --- We've been following the TJX breach since the beginning.

(Read Original Article - Via Slashdot: Your Rights Online.)

Registered Traveler Company Frozen After Losing Flier Data - Via Threat Level:

The Transportation Security Administration suspended Verified Identity Pass from enrolling any new passengers in its get-through-security-faster program on Tuesday, after the company lost (and then oddly found) a unencrypted laptop containing personal information of 33,000 people who had applied for the so-called Registered Traveler program.

The company learned of the loss of an unencrypted laptop from the San Francisco airport on July 26 that included enrollees' names, addresses, dates of birth and some drivers' license numbers. TSA suspended new enrollments in the company's Clear Pass program until the company complies with rules requiring that such data notifies all of the affected enrollees.

Current lanes and participants are not affected.

But just hours after that TSA announcement, a VIP spokeswoman Allison Beer said the company had just found the laptop in the very room it had reported it stolen from. Beer declined to speak on the record about whether the laptop had been returned or had been overlooked originally.  read more »

Consent No Cure For Health Info Privacy Issues - Via CDT - PolicyBeta:

An article in the Washington Post today reported on the use by health and life insurers of identifiable prescription drug records to make coverage decisions. This data is actually acquired by companies that act as data brokers or analysts on behalf of insurers, and individuals applying for insurance consent to having their prescription drug data gathered and used for this purpose. The article further notes that the gathering of this data will be even easier when this information is stored in electronic health records.  read more »

Essay - If You Run a Red Light, Will Everyone Know? - Via NYTimes.com :

Want to vet a baby sitter? Need to peek into the background of a prospective employee? Curious about the past of a potential date?

Last month, PeopleFinders, a 20-year-old company based in Sacramento, introduced CriminalSearches.com, a free service to satisfy those common impulses. The site, which is supported by ads, lets people search by name through criminal archives of all 50 states and 3,500 counties in the United States. In the process, it just might upset a sensitive social balance once preserved by the difficulty of obtaining public documents like criminal records.

Academics have a term for the old inaccessibility of records like those for criminal convictions: “practical obscurity.” Once upon a time, people in search of this data had to hire private investigators to navigate byzantine courthouses and rudimentary filing or computer systems, and to deal with often grim-faced legal clerks. In a way, the obstacles to getting criminal information maintained a valuable, ignorance-fueled civil peace. Convicts could start fresh after serving their time without strangers knowing their pasts, and there was little risk that unsophisticated researchers could confuse people with identical names.

Well, not anymore. The information on CriminalSearches.com is available to all comers. “Do you really know who people are?” the site blares in large script at the top of the page.  read more »

Biometric database to be formed in Israel - Israel News, Ynetnews - Via Israel News, Ynetnews :

Government approves bill calling for creation of database of all Israeli citizens. Data to include fingerprints, computerized facial features embedded on IDs, passports

The government approved Sunday a motion calling for the establishment of a biometric database by the Ministry of Interior and the Public Security Ministry.
 
The motion, dubbed the "identification card, travel papers and biometrics database bill," will now be referred back to the various Knesset committees, which would ready it for its Knesset votes.

The new bill called for embedding biometric data, such as fingerprints and computerized tags of facial features, in Israeli IDs and passports; as well as for the establishment of a database which would include biometric data on all Israeli citizens.  read more »

Hello Readers,

Well despite all the fun I had with upgrading my iBook(not my best day), I am upgrading the server that the Privacy Digest site runs on. I am increasing the RAM & Hard-drive. Getting a faster CPU and upgrading lots of the system software. In the near future I also have some site upgrades planned that required the new software that this upgrade is giving me.  read more »

Hello Readers,

Well despite all the fun I had with upgrading my iBook(not my best day), I am upgrading the server that the Privacy Digest site runs on. I am increasing the RAM & Hard-drive. Getting a faster CPU and upgrading lots of the system software. In the near future I also have some site upgrades planned that required the new software that this upgrade is giving me.  read more »

CDT Policy Post: A Primer on Behavioral Advertising - Via Center for Democracy and Technology:

CDT issued a policy post today on the emerging practice of online behavioral advertising. Behavioral advertising involves the compilation of detailed information about an Internet user’s online activities. That data, when collected, can be turned into detailed consumer profiles including articles read, web sites visited, and items purchased. Ad networks contract with web sites to determine what type of advertising shows up on a consumer's web browser based on those profiles. In efforts to obtain more complete consumer profiles, some ad networks are now contracting with ISPs to buy the full web streams of the ISP's subscribers. That ad network-ISP model raises privacy concerns discussed in this policy post.

Policy Post: A Primer on Behavioral Advertising July 31, 2008

(Read Original Article - Via Center for Democracy and Technology.)

Google Says Complete Privacy Does Not Exist - Via Slashdot: Your Rights Online:

schliz writes "In a submission to court, Google is arguing that in the modern world there can be no expectation of privacy. Google is being sued by a Pennsylvania couple after their home appeared on Google's Street View pages. The couple's house is on a private road clearly marked as private property." --- Here is our previous story about Google Street View privacy issues.

(Read Original Article - Via Slashdot: Your Rights Online.)

Fusion Centers Part of Incipient Domestic Intelligence System, ACLU Warns - Via American Civil Liberties Union:

WASHINGTON -- The nation’s growing network of “fusion centers” is part of an incipient de facto domestic intelligence system, according to the American Civil Liberties Union. Today the ACLU released a report detailing spying on Maryland peace demonstrators, a mysterious domestic-spying scandal at a California military base and other recent incidents, confirming that its warnings about fusion centers were coming true.

“If some in this country want to build a domestic intelligence apparatus, then let’s have a debate in Congress about that, and an up-or-down vote on the idea,” said Caroline Fredrickson, director of the ACLU Washington Legislative Office. “Let’s not slide sideways into a fundamental change in the direction of our nation’s law enforcement system with little public awareness or debate.”  read more »

ACLU Urges Congress to Define Medical Privacy as Patient Control of Electronic Health Records - Via ACLU - Privacy:

PRO(TECH)T Act leaves electronic patient data vulnerable to theft and misuse

FOR IMMEDIATE RELEASE
Contact: 202-675-2312, media@dcaclu.org

Washington, DC – The American Civil Liberties Union today urges the House Energy and Commerce Committee to require patient control of medical records and compensation for privacy breaches to be a part of the standards set for converting to electronic patient records. The ACLU cautions that H.R. 6357, the “Protecting Records, Optimizing Treatment, and Easing Communication through Healthcare Technology Act of 2008” or the PRO(TECH)T Act, has insufficient privacy provisions and leaves patients vulnerable to bad, lost, stolen or misused data.

In addition, the ACLU urges the House Ways and Means Subcommittee on Health to consider how privacy protections will be built into new, high tech health systems as it hears testimony this Thursday. The subcommittee announced that protecting patient privacy and information security would be among the issues discussed at its July 24 hearing regarding health information technology. Other issues include potential costs and benefits, clinical capabilities and incentive effectiveness.

The following can be attributed to Timothy Sparapani, ACLU Senior Legislative Counsel:  read more »

Slashdot | How Do You Deal With Sensitive Data? - Via Slashdot :

imus writes "Just wondering how most IT shops secure sensitive data (customer records). Most centrally managed databases seem to be monitored and maintained very well and IT workers know when they are tampered with or when unauthorized access occurs. But what about employees who do legitimate selects from these databases and then load CSV files and other text files onto their laptops and PDAs? How are companies dealing with situations where the database is relatively secure, but end-use devices contain bits and pieces of sensitive business data, and sometimes whole segments? Does anyone use sensitive data discovery software such as Find_SSNs or Senf or other tools? Once found, how do you deal with it? Do you force encryption, delete it or prevent extracts?"

(Read Original Article - Via Slashdot .)

Plenty of Blame to Go Around in Yahoo Music Shutdown - Via Freedom to Tinker:

People have been heaping blame on Yahoo after it announced plans to shut down its Yahoo Music Store DRM servers on September 30. The practical effect of the shutdown is to make music purchased at the store unusable after a while.

Though savvy customers tended to avoid buying music in forms like this, where a company had to keep some distant servers running to keep the purchased music alive, those customers who did buy — taking reassurances from Yahoo and music industry at face value — are rightly angry. In the face of similar anger, Microsoft backtracked on plans to shutter its DRM servers. It looks like Yahoo will stay the course.  read more »

Embarq Response on Behavioral Advertising Comes Up Shor