Laws in Canada and other countries are increasingly helping technology force people to identify themselves where they never had to before, threatening privacy that allows people to function effectively in society, a new study has found. "What we're starting to see is a move toward making people more and more identifiable," University of Ottawa law professor Ian Kerr said Wednesday. His comments followed the launch of Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society, a book summing up the study's findings, at a public reading in downtown Ottawa hosted jointly with the Privacy Commissioner of Canada. Kerr led the study with University of Ottawa criminology professor Valerie Steeves. They collaborated with 35 other researchers in Canada, the U.S., the U.K., the Netherlands and Italy. The researchers reported that governments are choosing laws that require people to identify themselves and are lowering judicial thresholds defining when identity information must be disclosed to law enforcement officials. That is allowing the wider use of new technologies capable of making people identifiable, including smartcards, security cameras, GPS, tracking cookies and DNA sequencing. Consequently, governments and corporations are able to do things like: * Embrace technologies such as radio frequency identification tags that can be used to track people and merchandise to analyze behaviour. * Boost video surveillance in public places. * Pressure companies such as internet service providers to collect and maintain records of identification information about their customers. While Canada, the U.K., the Netherlands and Italy all have national laws protecting privacy - that is, laws that allow citizens to control access to their personal data - such legal protection does not exist for anonymity, Kerr said. "Canada is quite similar [to other countries] with respect to anonymity. Namely, it's shrinking here just as it is there.

Facebook has gone a long way to protect the privacy of users on its own site. But what happens when users share their Facebook profiles and friend lists with other sites? Are social networks responsible for defending data its members decide to take elsewhere? Those questions have taken on added urgency following the introduction of tools by leading social networks, including Facebook and News Corp.'s (NWS) MySpace, that let users interact with their friends on partner sites. Facebook Connect, for example, lets a user instantly share a movie rating on Netflix (NFLX) with all or some of his or her pals on Facebook. Privacy advocates warn that these services pose a whole new set of concerns about how user data are collected and shared among sites on the Web. Using these open-networking tools, thousands of companies can unearth a trove of new data about a visitor-age, gender, location, interests, and even what a person looks like. "I'm wondering if people really understand when they're using Facebook Connect that other sites get access to their whole user profile and social graph," says Pam Dixon, executive director of the World Privacy Forum. Announced last July, Facebook Connect has already signed up more than 8,000 partner sites, many of which plan to use data collected on Facebook members for their own purposes. Joost, a video-viewing site that integrated with Facebook Connect in December, checks the ages of viewers entered on their Facebook profiles to give its own content partners-CBS (CBS), for example-a better idea of which Joost users are watching CBS programming. Digg.com will let users display their Facebook profile photos alongside comments they make on the social news-sharing site.

Parents of 18,541 Metro Nashville students will receive letters next week outlining a security breach that put their children's Social Security numbers online for three months. Advertisement Boston-based Public Consulting Group Inc., which holds a five-year, $2.6-million-a-year contract with the state to collect student data from various districts, corrected the error March 31 after a parent using Google to search her daughter's name found it - along with personal data for the students and 6,000 parent names. Art Staehling learned Wednesday that his teenage daughter was on the list and said he's concerned what could happen to her identity. "I find it hard to believe that an established company had a problem of this magnitude," Staehling said. The consulting group will pay for parents of affected children to check all family members' credit reports through Experian and for a year of monitoring. One of the group's owners, Stephen Skinner, said the error happened when workers running a test Dec. 28 on random student data inadvertently stored a file to an insecure directory. They discovered the error March 5 and took down the file, which contained student names, gender, race or ethnicity, date of birth, Social Security number and, in some cases, parent names. But they were unaware Google's search engine had already found the file and indexed it. That's how the parent, who is also a Metro schools employee, found out about the breach weeks later. Public Consulting Group worked with Google to take the information down.

Purdue University last month reported its seventh data breach in the past four years. But Purdue is hardly alone. According to my records, over 300 publicized privacy incidents have occurred at U.S. institutions of higher learning since 2001, with at least 53 colleges and universities experiencing multiple breaches (see table at end of article). The regular stream of university data-breach reports has prompted Adam Dodge, assistant director for information security at Eastern Illinois University, to devote a blog - Educational Security Incidents - to the topic. When I last covered the issue four years ago (see "Security breaches challenge academia's 'open society' "), universities were the leading sector for publicized breaches. The same is true today. What's going on? Why haven't things changed? John Correlli of Los Angeles-based JMC Privacy Consulting Group has some answers. Correlli recently published a detailed analysis of the topic, "Breaches in the Academia Sector." Correlli identifies the top three root causes of university breaches: unauthorized access, usually inside jobs; accidental online exposures; and stolen laptops. "Privacy governance in academia is far too frequently thrown into the laps of the IT folks, who are then told, implicitly or explicitly, that privacy isn't a priority until it's a problem," Correlli told me.

Internet scams, phishing, identity theft and other attacks that exploit your personal data are always a threat when you shop online, set up an email account, use a credit card, manage an online bank account or carry your Social Security card. There is hope, however, for fighting these threats, and you can start by taking back control of all of your personal data. The 50 tips and tools in this list will help you understand how these scams originate, how to protect yourself online and offline, and how to track down your personal data on the Internet. Web Privacy Protect yourself and your data online by choosing a secure Web browser, understanding the dos and don'ts of wireless security, and correctly managing passwords.

Privacy is Dead. Long Live Privacy? at the 2007 Battle of Ideas conference hosted by the Institute of Ideas.New technology seems to have changed the meaning of privacy, affording individuals the possibility of sharing details of their hitherto private lives in unprecedented ways, from personal blogs to picture sharing and even 'social bookmarking'. For many of us, divulging intimate details of our private lives via social networking websites like MySpace and Facebook has become the norm. But information and communication technologies have also facilitated surveillance and data gathering by government and big businesses. While in some contexts we seem so ready to give up our privacy, in others we seem increasingly anxious to protect it.To what extent are new technologies responsible for the death of privacy? Are privacy concerns simply technophobic, or are we right to worry about a loss of control over personal information? Have new technologies and our enthusiastic adoption of them actually transformed our notions of public and private, and blown apart the wall dividing the two? Why do we worry about Tesco monitoring what we buy, when, according to Sun Microsystems CEO Scott McNealy: 'You have zero privacy anyway. Get over it'? - IoI

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, the Wall Street Journal reported on Wednesday. The spies came from China, Russia and other countries, and were believed to be on a mission to navigate the U.S. electrical system and its controls, the newspaper said, citing current and former U.S. national security officials. The intruders have not sought to damage the power grid or other key infrastructure but officials said they could try during a crisis or war, the paper said in a report on its website. "The Chinese have attempted to map our infrastructure, such as the electrical grid," a senior intelligence official told the Journal. "So have the Russians." The espionage appeared pervasive across the United States and does not target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official told the paper, referring to electrical systems. "There were a lot last year." The administration of U.S. President Barack Obama was not immediately available for comment on the newspaper report. Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on." Officials said water, sewage and other infrastructure systems also were at risk.

Banks and cellphone companies have a long way to go to persuade U.S. consumers to use their cellphones for banking, as many worry about security and extra fees and others are not even aware they can. In a survey of about 500 U.S. consumers, accounting firm KPMG found that only about 9 percent had tried mobile banking. In comparison, about 76 percent "consistently use" online banking services on computers. As many as 95 percent said they were so uncomfortable with conducting financial transactions on their phones that they've never used them to make a purchase on a retailer's Web site. About 48 percent of respondents cited security and privacy worries as their reason for not banking on their cellphones, according to KPMG. While many respondents said they believe mobile banking is important, according to the accounting firm, they do not think it is important enough to pay extra for it. Roughly 19 percent of respondents said they are "somewhat likely" to a use a mobile device for online banking in the next 12 months but only seven percent said are willing to pay a nominal fee for cellphone banking, according to the survey. And even though most of the major U.S. banks offer a mobile banking service, about 68 percent of the survey respondents said their bank does not offer the service. "The fact that the majority of U.S. consumers are not aware that their current banks offer mobile banking is clearly more perception than reality," said Carl Carande, a principal in KPMG LLP's Advisory and Banking and Finance practices. Banks offering mobile services include Citigroup Bank of America and Wells Fargo.

The new Obama Administration and a stronger Democratic party control of Congress set in the midst of a struggling economy and foreign policy issues, has created an interesting environment for legislation and regulations affecting customer interactions both federally and at state levels. While contact center-and-direct marketing-affecting issues such as offshoring, privacy, and telemarketing may haven been pushed offstage, they are not out of the hall. Ironically, economic pressures may shove them back into the spotlight as governments, especially states, seek ways to keep jobs and revenue sources, which contact centers provide. Federal Legislation Here is an examination of federal industry issues that lawmakers and regulators are and may be addressing in 2009: * Offshoring Federal lawmakers may reintroduce a bill similar to HR 1776, The Call Center Consumer's Right to Know Act, which would require contact center agents to disclose the physical location of such employee at the beginning of inbound and outbound calls. Firms would also have to annually certify to the Federal Trade Commission (FTC (News - Alert)) their compliance with such requirement. HR 1776 is an attempt to restrict offshoring by making customers aware that their calls may be going to or originating out of country. The bill's supporters hope customers and negative publicity would pressure firms to bring such jobs back to the U.S. The downsides are that such bills may significantly add to contact center costs in both onshoring and time spent location disclosing and in compliance, which would ultimately be paid for by consumers. In doing so bills like it that hike contact center expenses may also be self-defeating as they may result in fewer domestic jobs. "The particular type of disclosure contemplated by HR 1776 is a burdensome additional disclosure without clear benefit to the consumer," American Teleservices Association (ATA) CEO Tim Searcy told the House Energy and Commerce subcom

On Monday, U.K.-based digital rights organization Open Rights Group submitted an open letter to major online media players, urging them to prevent ISP-level behavioral targeting firm Phorm from tracking user interactions on their Web sites. The letter, sent to Google, AOL, Microsoft, Facebook, Yahoo, Amazon and Ebay, said, "[ORG] believes that it is clearly in your company's interest, it is in the interests of all of your customers, and it will serve to protect your brand's reputation, if you insist that the Phorm/Webwise system does not process any data that passes to or from your website." "We have received the letter and are giving it careful consideration from privacy and business perspectives," a spokesperson for AOL and its social network Bebo told ClickZ News. Similarly, in reference to the ORG correspondence, a Google spokesperson told ClickZ, "We've received the ORG's letter, but we're still considering the points they raised, so we don't have a response to make at this time." According to information published on the British Telecom Web site (one of Phorm's ISP-partners,) site owners can specifically request that their properties are not "scanned" by Phorm's technology, by contacting the firm directly. Phorm announced deals with three major U.K. ISPs over a year ago, but its technology is still yet to be fully deployed. BT has, however, carried out live trials of the platform with some of its customers. Phorm's CEO, Kent Ertugrul, claims that BT will implement his company's technology by the end of the year, but BT itself remains less committed to that timeline. Both AOL and Google have vested interests in the behavioral targeting space, although not in the controversial area of deep packet inspection (DPI), in which Phorm's technology lies. AOL-owned Tacoda targets ads based on users' activity across a range of partner sites, but does not directly intercept ISP-data. Google also announced this month that it will begin testing similar behavioral targe

Customers of CVS' pharmacy will be able to import their prescription records into a Google Health account as a result of an expanded deal between the two companies. The deal was announced Monday. An earlier deal already allowed workers whose company uses CVS Caremark to handle drug benefits to use Google Health to store their drug records. The new deal expands this to customers of CVS' network of retail pharmacies. "We now offer all of our consumers the ability to download their prescription and medication history into their Google Health Personal Health Record, whether they are CVS/pharmacy customers, CVS Caremark plan participants or visitors to our MinuteClinic locations," said CVS Caremark Executive Vice President Helena Foulkes in a statement. "By enabling patients to download their prescription information directly into their personal health record, we are helping to close the gap in today's fragmented health care system and provide a full view of a patient's health." To use the tool, the companies said, consumers need to sign up for the prescription management feature on CVS.com as well as be authenticated. With the latest deal, Google said it now believes more than 100 million Americans will have the option of viewing their drug history within Google Health. Microsoft, which is also trying to sign consumers up for its HealthVault service, announced a deal with New York-Presbyterian Hospital on Sunday which will allow patients of that hospital system to export their records to a HealthVault account.

Traditionally, we trust doctors with confidential information about our health in the knowledge that it�s in our own interests. Similarly, few patients object to the idea that such information may be used in some form for medical research. But what happens when this process is subject to scrutiny?How explicit does our consent have to be? Since the introduction of the Data Protection Act 1998 medical researchers have raised concerns over the increasing barriers they face to accessing patient data.These concerns have heightened amongst some researchers since the passing of the Human Tissue Act 2004 introduced in the wake of the Alder Hey and Bristol Royal Infirmary scandals. When scientific advances are unraveling the secrets of DNA and the decoding of the human genome has opened up substantial new research opportunities.Clinical scientists and epidemiologists argue that the requirements being placed upon them are disproportionate to the use they are making of either datasets or tissues samples and, besides, their work is in the public interest.At the heart of the debate lie key questions over trust and consent and how these can best be resolved.To complicate things, it is no longer just medical researchers, but also public health bureaucrats who are keen to have access to our data.Quasi-official bodies have been charged with persuading individuals to change their behaviour and lifestyles in connection with all manner of issues such as diet, exercise, smoking and alcohol consumption.Social Marketing � the borrowing of commercial marketing techniques in the pursuit of 'public goods' � is in vogue amongst public health officials. Empowered by advanced data collection and computing techniques, armed with the latest epidemiological research, and emboldened by a mission to change unhealthy behaviour, public health officials are keen to target their messages to specific 'market segments' in most need of advice.Are government researchers abusing patients' trust? Can an

The International Dimensions of Securing Cyberspace with Seymour Goodman, Professor of International Affairs and Computing at Georgia Tech.Hudson Institute hosts the fourth installment of its Telecommunications, Information, and Security Policy Seminar series. Drawing on his experience in the international dimension of cyberspace, Goodman leads a discussion on the extent of the internationalization of cyberspace, specific international problems and weaknesses that add to cyberspace insecurity, especially relating to Africa, and also discusses some forms of international cooperation that might help alleviate these problems.

NEW YORK With increasing amounts of personal information liable to float around in cyberspace, consumers are deciding whether their data is safe in the hands of some public- and private-sector entities. A BBC World News America/Harris Poll finds a mixed verdict, with social-networking sites faring especially badly. In polling conducted last month, adults were asked to say how much trust they have in various sectors "to handle your personally identified information (such as credit-card information, contact information and so forth) in a properly confidential and secure manner." The poll's best scores went to "health providers, such as doctors and hospitals," with 20 percent of respondents expressing "a great deal of trust" and 55 percent "some trust" in these. Nineteen percent voiced "not much trust" and 7 percent "no trust at all" in this sector. At the bottom of the rankings were "social-networking sites (like Facebook or MySpace)," with 5 percent expressing a great deal of trust and 18 percent some trust in these. Thirty-one percent said they had not much trust and 46 percent no trust at all in these sites to safeguard personal information. (Whether people should direct their distrust to themselves for posting such information there in the first place is a question the survey didn't address.) Respondents were also wary of "search and portal sites (like Google or Yahoo!)" when it comes to keeping personal information secure: Ten percent voiced a great deal of trust, 39 percent some, 29 percent not much and 22 percent no trust at all. Even the federal government fared (slightly) better, with 13 percent expressing a great deal of trust, 41 percent some, 28 percent not much and 18 percent none. The scores were more positive for "banks and brokerage companies": 15 percent a great deal of trust, 43 percent some, 28 percent not much and 13 percent none. That was roughly on a par with the ratings for "my e-mail provider": 14 percent a great deal, 48 percent some, 27 p

A Constitutional History Lesson with David Bisno.Protection of individual rights from government abuse has been at the center of constitutional debates since the country's founding, but scholars and politicians have stopped short of claiming an explicit "right to privacy" until recently. Bisno, an M.D. turned "silver-haired scholar," discusses the history of privacy in the Constitution.

Is the price to safeguard America's information systems and networks on a collision course with efforts to rescue the economy? One would hope not, but the $789 billion stimulus package that contains nearly $10 billions for IT-related projects offered very little for cybersecurity. Still, the president sees protecting government and private-sector information systems as crucial to the economic vitality of the country. So, when Acting Senior Director for Cyberspace Melissa Hathaway hands the President her recommendations on securing the nation's information infrastructure later this month, a sharper picture should emerge on how much money the government will need to spend to do just that. What Price Security? The government isn't a spendthrift in protecting its IT networks; it earmarked $6.8 billion a year on cybersecurity this fiscal year, up from $4.2 billion five years ago, according to the White House Office of Management and Budget. But is that enough? Appropriating money to find new and innovative ways to protect our critical information infrastructure doesn't seem to be a government priority, at least not yet. Of the $147 billion the government planned to spend on all types of research and development this fiscal year, only $300 million or 0.2 percent was slated for cybersecurity, according to the Securing Cyberspace in the 44th Presidency report issued by the Center for Strategic and International Studies. By comparison, the budget contained five times as much money $1.5 billion for nanotechnology R&D.

You're watching Jon Stewart's "The Daily Show," when suddenly you see a commercial for the Mustang convertible you've been eyeing - with a special promotion from Ford, which knows you just ended your car lease. A button pops up on the screen. You click it with the remote and are asked whether you want more information about the car. You respond "yes." Days later, an information packet arrives at your home, the address on file with your cable company. This is the future of cable TV advertising: personal and targeted. Cable TV operators are taking a page from online advertising behemoths like Google Inc. to bring these so-called "addressable" ads onto the television. "It hasn't really been done on TV before," said Mike Eason, chief data officer of Canoe Ventures, a group formed by the nation's six largest cable operators to launch targeted and interactive ads on a national platform starting this summer. They're betting they can even one-up online ads because they also offer a full-screen experience - a car commercial plays much better on your TV than on your PC. As such, they hope to charge advertisers more. The stakes are high: Cable companies get only a small portion of the $182 billion North American advertising market. Eason said the cable operators, which sell local ads on networks like Comedy Central, get roughly 10 percent of the commercial time on those channels. With targeting, they are hoping to expand that. But they have to tread carefully. Privacy advocates worry the practice opens the door to unwanted tracking of viewing habits so ads can target consumers' likes or dislikes. They also fear it could lead to discrimination, such as poorer households getting ads for the worst auto-financing deals because they are deemed credit risks. "You've got to tell people you're doing it and you've got to give people a way to say no," said Pam Dixon, executive director of World Privacy Forum in Carlsbad, Calif. "Otherwise, it's just not fair."

The sheer volume of amateur cellphone sex videos on the Internet's porn site - while certainly culturally edifying - illustrates the new truth about sex in the 21st century: don't let anyone record it, or everyone will be enjoying it. But sometimes, the all-seeing and voyeuristic eye of consumer video culture has a happy ending: a businessman who recorded himself having sex with a university student was recently cleared of the charges after the footage was shown in court. Before the footage was presented as evidence, the judge warned both the gallery and the jury: "You are going to see a clip which from what I have been told you may find extremely distasteful." Despite this warning, though, the defense failed to exhibit a scene from Dustin Diamond's sex tape, but instead a rather traditional recording of an enthusiastic coupling. After the tape had finished playing, the judge ruled in the favor of the defendant. "You and Mr Taylor were very familiar with each other and comfortable in each other's presence." There's the possibility, of course, that the judge made the wrong decision: there could have been drugs involved. But score one for the good guys. A lot is made, rightfully, of the eradication of privacy in the digital age, but when it can help a man avoid wrongful imprisonment and the total ruin of his life, there's a bright side. The moral? If you're actively swinging, pony up for a cell phone with a good camera. And PornHub commenters say, the more megapixels, the better.

There is no denying that Google is a giant success. But its size has made the "do no evil" mantra all the more difficult for it to follow - and for some of us to believe. Lately, it seems every new release and every new decision draws the ire of someone, be it politicians, privacy campaigners, or even villagers. While the Google brand is certainly in better shape than many tech firms, its constant moves to control more and more of our data and information has some up in arms. Privacy Three recent announcements have drawn the attention of privacy campaigners in the UK - Latitude, Street View, and behavioural advertising. Latitude is Google's mobile tracking system. Sign up for it, add your friends, and you can all see exactly where each other is via your mobile phone signal pinpointed on a Google map. Handy if you're bored and want to know who's out and about, but the location tracking system could be frightening for a host of other reasons, some say. Last month, Liberal Democrats Home Affairs spokesman Tom Brake filed an early day motion (EDM) asking the government to look into Latitude. Brake said: "This system poses an insidious threat to our hard-won liberties. 24-hour surveillance and a Big Brother society are new realities." But the heat was off Latitude after Street View was unveiled in the UK. The photo mapping system features street-level photos of 25 cities, offering a virtual tour of places such as London, Manchester and more. But some people aren't so happy having their homes, cars and selves photographed and mapped - even with face and number plates blurred. The backlash didn't take long to start. Within a day, Privacy International was on the case, asking the Information Commissioner to shut the site down.

There are some security measures that are extremely intrusive and should only be used when there is good cause to suspect that an individual is a security risk. See-through body scanning machines are capable of projecting an image of a passenger's naked body. Passengers expect privacy underneath their clothing and should not be required to display highly personal details of their bodies such as evidence of mastectomies, colostomy appliances, penile implants, catheter tubes and the size of their breasts or genitals as a pre-requisite to boarding a plane.