RFID poses serious privacy risk, says GAO

In a report published on Friday, the Government Accountability Office said 13 of the largest federal agencies are already using RFID or plan to use it. But only one of 23 agencies polled by the GAO had identified any legal or privacy issues - even though three admitted RFID would let them track employee movements.

SUMMARY OF THE REPORT

RFID technology can provide new capabilities as well as an efficient method for federal agencies, manufacturers, retailers, and other organizations to collect, manage, disseminate, store, and analyze information on inventory, business processes, and security controls by providing real-time access to information. Several federal agencies have already begun testing and using the technology for access control and tracking and tracing assets and documents.

Because various standards exist based on the application and the industry or country in which it is used, interoperability may also be a factor to consider, although a single, common set of standards may not be necessary among different applications.

Few legal issues associated with RFID implementation were raised by the agencies. The use of the technology, however, raises several security and privacy considerations that may affect federal agencies’ decisions to implement the technology. Key security issues include protecting the confidentiality, integrity, and availability of the data and information systems. The privacy issues include notifying consumers; tracking an individual’s movements; profiling an individual’s habits, tastes, and predilections; and allowing for secondary uses of information. In addition, other areas such as the reliability, placement, and availability of tags, along with the cost and benefits of implementation and environmental concerns, are factors to consider. As agencies continue to deliberate over implementation, the considerations we identified are among the key factors to address.

2005 Pictures of the future by Siemens

Siemens AG, develops two times per year the punblication Pictures of the Future, in the last number Spring 2005, contains these issues:

Personalization: As You Like It
Remote Services: Long-Distance Vision
Elements of Life: Solutions for a Thirsty Planet

In the pages 32-33, there is an article about Personalization & Data Protection, "Trasparency, Not Surveillance".

Could radio frequency ID chips
and medical chipcards be
the
first step toward a surveillance
society? IT security experts
don’t think so. In fact,
the new technologies could go
a long way
toward providing
data availabilty while ensuring
that access is
strictly
limited to authorized users.

Privacy & Security webcast at MITvideo

There is a webcast available at MITVIDEO, Security, Privacy and Technology Panel.

This panel had as a moderator, Steven Levy (Senior Editor, Chief Technology Writer, Newsweek) and the Panelists:

Lewis M. Branscomb: Professor Emeritus, Public Policy and Corporate Management, John F. Kennedy School of Government, Harvard University

Kenneth Starr: Partner, Kirkland and Ellis

Nadine Strossen: President, ACLU

Charles Stuckey: Chairman of the Board, RSA Security

At ACLU (American Liberties Civil Union), there is a Privacy & Technology section with reports, litigations and other links about privacy.

The Regulatory, Economic, and Privacy Implications of Pharmacogenomics

The Virginia Journal of Law and Technology (VJOLT) is a student-run publication of the University of Virginia School of Law. It is one of the Law School's newest, and most dynamic, journals. VJOLT was established in 1996 by students who sought to enhance the focus at the Law School on issues arising from the intersection of law and technology. An interested and energetic group of students founded VJOLT, and Virginia thus joined the ranks of Harvard, Boalt Hall, Columbia, and other top law schools with technology journals.

The Current issue Volume 10 - Issue 1 - Winter 2005 has a paper about privacy and Pharmacogenomics, "The Regulatory, Economic, and Privacy Implications of Pharmacogenomics"by Patricia M. Festin.

The Human Genome Project was a seminal achievement that launched a revolution in science. This revolution is significantly impacting the pharmaceutical industry and drug discovery research. Pharmacogenomics—the study of how genetic differences influence the variability in patients' responses to drugs—complicates our understanding of the economic, regulatory, and policy issues that plague both the pharmaceutical industry and the social and legal mechanisms governing drug-related health care. This Article surveys the debate surrounding these challenges

IBM Adds Data Privacy To Business Collaboration

Article published in TechWeb News By Antone Gonsalves


IBM on Tuesday unveiled software that makes it possible for organizations to work together without compromising the privacy of each other's data.
The DB2 Anonymous Resolution product targets organizations that need to collaborate, but have reasons not to let each other see their information. Such a scenario could exist, for example, in merger negotiations or between the United States and other countries in homeland security issues.

"The data can never be used beyond its original intent," Drew Friedrich, director of IBM's entity-analytics unit, said. "It gives the data owner total control over knowledge discovery."

For the process to work, all parties in a collaborative effort would need to have the IBM product, which costs $25,000 per CPU. Working through the software's console, the user would have data records converted into the product's "standard" format and then given a unique identifier. Records that apply to the same entity, a customer, for example, would get the same identifier.

The data from all sides would then be sent to a separate component of the product, which would analyze the data and return results. The analytical component could reside anywhere, even with a neutral third party.

In the case of merger negotiations, for example, both companies could use Anonymous Resolution to compare customer lists to determine the number of new customers in the combined company, Friedrich said. The results of the analysis could be sent back in the form of percentages.

In the case of homeland security, the U.S. government could send its terrorist watch list through the product and European airlines could do the same for their passenger lists. If a terrorist was found on a list, an alert on the software's console would display the alphanumerical ID given to the data, and U.S. officials could use that in seeking the information from an airline

The Washington Metro announced a new privacy policy

Published in EPIC.ORG

The Washington Metro announced a new privacy policy for the collection and use of SmarTrip data or credit card usage in the Metro system. The policy limits disclosure without prior written authorization from the person. It assures individuals access to their own information and an accounting of disclosures. The Board also approved changes to its Public Access to Records Policy, more closely aligning it with the federal Freedom of Information Act. The changes to that policy establish certain exemptions and time frames for processing requests, provide for judicial review, and exempt individual SmarTrip data from disclosure except in limited instances. EPIC supported the changes

Tag Team: Tracking the Patterns of Supermarket Shoppers

Tag Team: Tracking the Patterns of Supermarket Shoppers is a article published in Knowledge Wharton a fantastic e-magazine by Wharton School (University of Pennsylvania).

To the untrained eye, the data presentation looks remarkably like an Etch-a-Sketch drawing, little more than a child's randomly drawn zigzag pattern on a favorite toy.


But to Wharton marketing professor Peter S. Fader, those seemingly random lines represent a new dataset showing the paths taken by individual shoppers in an actual grocery store. The data -- charted for the first time by radio frequency identification (RFID) tags located on consumers' shopping carts -- has the potential to change the way retailers in general think about customers and their shopping patterns.


In a new paper called "An Exploratory Look at Supermarket Shopping Paths," Fader, Wharton marketing professor Eric T. Bradlow and doctoral candidate Jeffrey S. Larson analyze this RFID-captured grocery store data, focusing exclusively on travel patterns without regard to purchase behavior or merchandising tactics. The results, they conclude, challenge many long-standing perceptions of shopper travel behavior within a supermarket, including ideas related to aisle traffic, special promotional displays, and perimeter shopping patterns.

The paper is available at: SSRN

Statewatch

Statewatch is a non-profit-making voluntary group founded in 1991. It is comprised of lawyers, academics, journalists, researchers and community activists. Its European network of contributors is drawn from 13 countries. Statewatch encourages the publication of investigative journalism and critical research in Europe the fields of the state, justice and home affairs, civil liberties, accountability and openness.

One of Statewatch's primary purposes is to provide a service for civil society to encourage informed discussion and debate - through the provision of news, features and analyses backed up by full-text documentation so that people can access for themsleves primary sources and come to their own conclusions.

The Statewatch bulletin was launched in 1991 and is now in its 13th year of publication. Coverage includes news, features and research sources on new measures introduced by national governments and the EU institutions in Brussels as well as reporting from the ground on the effect of policies and state practices in the community.

One of these issues is Observatory on the exchange of data on passengers with USA

Privacy and Identity Research at European Commision

Established in Seville (Spain), in 1994, the Institute for Prospective Technological Studies (ipts)is one of the seven institutes making up the joint research centre (jrc)of the European Commission.

One of IPTS' research areas is Privacy and Identity in the Information Society (PRIDIS),

The Lisbon strategy aims to create an inclusive, dynamic, competitive and secure knowledge-based society in Europe. To achieve this, the European Union needs to provide to citizens and consumers with a ‘trusted’ online environment. Such an environment needs to guarantee not only that citizens’ rights are well protected, but that citizens perceive this to be the case. Both security and privacy are necessary to establish and maintain citizen and consumer confidence in electronic communications, services and interactions, and thus in the information society in general.

The last publication at IPTS is about Biometrics " Biometrics at the Frontiers: Assessing the Impact on Society. Study for the European Parliament Committee on Citizens' Freedoms and Rights, Justice and Home Affairs (LIBE), February 2005."

With reports about biometrics and legal issues, economics aspects and social.

Another fantastic paper is this about Draft article on "Digital Territory: Bubbles", forthcoming in The Vision Book (2005) by Laurent Beslay and Hannu Hakala.

This paper about privacy like as bubbles remind me this presentation I've found at Open Course Ware at MIT. "11.947 New Century Cities: Real Estate, Digital Technology, and Design, Fall 2004" Session 2New Century Cities

Privacy worries workers

Thursday, May 12, 2005 JEAN SPENNER THE SAGINAW NEWS


Privacy may become an issue at Delphi Corp. plants if the company pushes to look at the medical records of workers who call in sick.

"To me, as long as they have a doctor's slip that states they are unable to work and bring that in, that should be enough," said John Kolhagen, bargaining chairman for United Auto Workers Local 467, which represents about 1,100 workers at Delphi Energy & Chassis Systems Saginaw Operations, 2328 E. Genesee in Saginaw.

"Delphi wants to challenge that," he said. "They want to know what you're doing in your life. To me it's a privacy issue and should be done between doctors."

Union leaders at that plant and at Delphi Saginaw Steering Systems, 3900 E. Holland in Buena Vista Township, said they learned from media reports that the Troy-based company has threatened to withhold pay or vacation days from hourly employees who refuse to sign waivers releasing their medical records.

Kolhagen concedes there is high absenteeism at his plant, though he wouldn't place a number on it. Industry watchers say absenteeism among hourly workers in the automotive industry runs about 10 percent annually, about three times higher than in other industries.

(Full article at: The Sangina News)

RISER, new e-ten project

The Project of the Month (May 2005)in e-ten's web is RISER (Registry Information Service on European Residents)that is a central web-service for collecting inquiries, distributing them to the responsible authorities and delivering the results to the customer.

RISER provides convincing economic benefits to its customers:

Uniform and easy-to-use access to the service in different languages
Faster processing of the required data than the traditional paper based processing
Improved quality of public service including standardised payment procedures

The objective of the Registry Information Service on European Residents is to create a Trans-European eGovernment service offering access to official registry information services to companies and citizens. The service communicates with customers and data suppliers via a secure internet infrastructure based on open standards. The service offers a single point of access to population registers in the EU Member States of the European Union via the internet and complies with the national regulations concerning civil registration, privacy and data security.

The RISER-Consortium led by the IT-service provider PSI comprises the following authorities and companies from Austria, Poland, Ireland and Germany:

PSI Aktiengesellschaft für Produkte und Systeme der Informationstechnologie (co-ordinator)Germany

ARAM sp.z o.o Poland

Fraunhofer Institut FOKUS Germany

Zentrum für Verwaltungsforschung Austria

Waterford Institute of Technology Ireland

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein Germany

Landeseinwohneramt Berlin Germany

Security and data protection

The issues of data security and IT security are of utmost importance to RISER. Its core business is requesting and delivering person-related data, which may only be inspected and used in accordance with applicable national legal regulations. RISER complies with these legal regulations; on the one hand, by adhering to all legal requirements with respect to the way RISER itself processes transactions, and, on the other hand, by protecting the process from external, unauthorised access by third parties.

There is a Privacy and Data Security Report available

Bell University Labs

The Bell University Laboratories (BUL) is a collaborative research program designed to create opportunities for the transfer of people and ideas between Bell and researchers at various Canadian universities. It is Bell Canada's most significant investment in external R & D. In June 2002, a BUL Innovation Law and Policy Research Laboratory was established at the University of Toronto.

The Lab Manager is Rajen Akalu and the principal investigators at BUL are: Abraham Drassinower, Hudson Janisch, Richard Owens, and Jonathon Putnam.

They are working in DRM (Digital Rights Management)and privacy issues such as this paper: Medico-Legal Implications of Telehealth in Canadaby Sabrina Hasham, Rajen Akalu and Peter Rossos.

Chilling Effects Clearinghouse

Chilling Effects Clearinghouse is a joint project of the Electronic Frontier Foundation and Harvard, Stanford, Berkeley, University of San Francisco, University of Maine, George Washington School of Law, and Santa Clara University School of Law clinics.


Chilling Effects aims to support lawful online activity against the chill of unwarranted legal threats. We are excited about the new opportunities the Internet offers individuals to express their views, parody politicians, celebrate favorite stars, or criticize businesses, but concerned that not everyone feels the same way. Anecdotal evidence suggests that cease and desist letters often silence Internet users, whether or not their claims have legal merit. The Chilling Effects project seeks to document that "chill" and inform C&D recipients of their legal rights in response.

They update the Chilling Effects weather reports (Monitoring the legal climate for Internet activity).

And this complete topic area:

Trademark
Copyright
Piracy
DMCA Safe Harbour

Venezuela: Ley Proteccíón de Datos

Publicado el 6/05/2005 en Agencia Bolivariana de Noticias

Luego de sesionar durante tres días consecutivos, el directorio del Consejo Nacional Electoral (CNE) decidió, por unanimidad a través de una Resolución, promover la creación de una comisión especial constituida por miembros del Ejecutivo Nacional y el órgano rector para que elabore un Proyecto de ley para la protección de datos personales.

Esta información fue suministrada por el presidente del ente electoral, Jorge Rodríguez, quien destacó en rueda de prensa, que dicha decisión se debe a las denuncias que ha recibido este poder con relación a la listas de ciudadanos que realizaron solicitudes de revocatorias de mandatos.

Este proyecto de ley debe tener como principal objetivo, aseveró Rodríguez, la regulación y tratamiento de los datos y libertades personales, así como los derechos fundamentales de los ciudadanos.

A través de esta resolución, el cónclave electoral rechazó, de manera rotunda, la conducta de algunos sectores de la administración pública y privada que exigen una constancia al elector, emitida por el órgano comicial, que precise si participó o no en los procesos de recolección de firmas para la solicitud de un referendo revocatorio, tanto presidencial como de diputados.


Artículo completo en la web de ABN

Biometrics Privacy

The BioPrivacy Initiative is a resource for the following:

Public and private sector entities drafting privacy policies or statements

Institutions deploying biometrics to employees, customers, or citizens

Private citizens concerned with the use of biometric technology

In order to raise awareness of issues related to personal and informational privacy in biometric deployments, International Biometric Group's BioPrivacy Initiative advocates best practices for deploying biometric technology in the public and private sector, and establishes criteria for evaluating the potential privacy impact of biometric deployments and technology.

Using the BioPrivacy Initiative's three evaluative tools - the BioPrivacy Application Impact Framework, BioPrivacy Technology Risk Ratings, and BioPrivacy Best Practices - public and private sector institutions can ensure that new or existing biometric deployments are consistent with generally accepted privacy principles

2004 CIPLIT Symposium

Last october, The Center for Intellectual Property Law and Information Technology (CIPLIT) of the DePaul University, College of Law organized the 2004 CIPLIT Symposium,

Privacy and Identity: The Promise and Perils of a Technological Age

They upload the Symposium Program:

Professor Ishwar K. Sethi, Department Chair, Computer Science and Engineering Department, Oakland University, "Biometrics: Challenges and Applications", Presentation (PPT ~ 1.5 MB)

Dr. Ann Cavoukian, Information and Privacy Commissioner, Ontario, Canada, "Biometrics and the Privacy Paradox", Presentation (PPT ~ 826 KB)


Professor Mark Monmonier, Distinguished Professor of Geography, Syracuse University, "Geographic Aspects of Location Tracking with RFID and GPS", Presentation (PPT ~ 54 KB)

Paul M. Schwartz

Paul Schwartz, proffesor at Brooklyn Law School, is a leading international expert on information privacy, copyright, telecommunications and information law. He is teaching Information Privacy Law this spring at Berkeley.

He joined the faculty of Brooklyn Law School in 1998, where he is currently the Anita and Stuart Subotnick Professor of Law. His recent articles include “Property, Privacy, and Personal Data,” 117 Harvard Law Review 2055 (2004); “Eldred and Lochner: Copyright Term Extension and Intellectual Property as Constitutional Property,” 112 Yale Law Journal 2331 (2003) (William Treanor, co-author); and “Voting Technology and Democracy,” 75 N.Y.U. Law Review 625 (2002). His scholarship focuses on how the law has sought to regulate and otherwise shape information technology—as well as the impact of information technology on law and democracy.

More books and papers by Schartz

Cyber Trust and Crime Prevention

Cyber Trust and Crime Prevention is a project that was launched on the 10th June 2004 and all output documents are available to download.

Foresisht is a project supported by English Government Foresight produces challenging visions of the future, to ensure effective strategies now. It does this by providing a core of skills in science-based futures projects and unequalled access to leaders in government, business and science.

Cybertrust and Crime Prevention directed by Professor Sir David King, Chief Scientific Advisor. The aim was to look 15 - 20 years ahead at the impact of advances in next generation information technologies. In particular it considered issues of identity and authenticity; trust in Information technologies; surveillance; and how products and systems may be developed that minimise crime opportunities. The sponsor Minister for this project was The Rt. Hon. John Denham (Home Office).

You can access all these documents about: Privacy, Trust, Security.

And the executive sumamry

Americans increasing protections of privacy, personal information

By Stephen Pounds

Palm Beach Post Staff Writer

Monday, May 02, 2005 Consumers are revving up their shredders.

A new Harris Interactive survey on personal information protection for Delray Beach-based Office Depot shows Americans are going to greater lengths to protect their private data.

Two-thirds of those surveyed shred credit-card offers and their bills.

• More than one-third bring their mail to the post office rather than leaving it unattended in their mailbox.

• A quarter of them shield the ATM screen at banks.

• A quarter of them don't sign the back of their credit card so sales clerks will check their identification.

In another surprising trend, 7 percent of respondents use only cash for purchases so there's no paper trail.

"Very recently have people made the switch back to cash because of the issue of making all this credit information available. There's a lot of interest in this," spokeswoman Heather Govern said.

The survey was a national poll of 1,962 people for the giant office supply chain for last week's National Small Business Week