The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

Leave a comment

FTC settles with telephone pretexters involved in HP matter

Widely reported today. See FTC press release and settlement document. As related in the CNET story and the press release, a larger fine was imposed on the Depantes, but was negotiated to a $3,000 payment due to their limited resources. Other parties who defaulted were subjected to fines of over $400,000 and $100,000.

1 Comment

UK plans surveillance database

UK government ministers are to consider plans for a database of electronic information holding details of every phone call and e-mail sent in the UK, it has emerged.   The plans, reported in the Times, are at an early stage and may be included in the draft Communications Bill later this year, the Home Office confirmed.

A Home Office spokesman said the data was a "crucial tool" for protecting national security and preventing crime.   The Home Office spokesman added: "The Communications Data Bill will help ensure that crucial capabilities in the use of communications data for counter-terrorism and investigation of crime continue to be available." 

However, the UK privacy watchdog is concerned about this development and Jonathan Bamford, Assistant Information Commissioner said: "We have warned before that we are sleepwalking into a surveillance society. Holding large collections of data is always risky; the more data that is collected and stored, the bigger the problem when the data is lost, traded or stolen. Defeating crime and terrorism is of the utmost importance, but we are not aware of any pressing need to justify the government itself holding this sort of data. If there is a problem with the current arrangements, we stand ready to advise on how they can be improved, rather than creating an additional system to house all records".


Leave a comment

EU Data Protection Watchdog Supports Data Breach Notification Law

This blog post relays the recent opinion by the European Data Protection Supervisor (EDPS) in favor of the EU enacting data security breach notification laws.

The EDPS recently adopted an opinion on the European Commission’s proposal to amend the Directive on Privacy and Electronic Communications, commonly known as "the ePrivacy Directive." If enacted, the proposed amendment to the ePrivacy Directive (a revised Article 4) would implement the first pan-European data breach notification requirement (even if somewhat limited by U.S. standards).

For the rest of the blog post...

Leave a comment

Are you sure that hard drive is clean?

Two related stories relate to data being recovered from hard drives.

This WSJ blog post relates the story of data being recovered from an improperly erased hard drive, and suggests that criminal charges relating to theft of the data will be dismissed, since the subject didn’t improperly acquire the data.

The second story concerns the recovery of data from the damaged hard drive of the Columbia space shuttle.

Leave a comment

Wired queries whether NebuAd technology provides opt-out from ISP monitoring

The prospect of ISP-based behavioral marketing has been the subject of much debate, first in the UK and now in the US, over the last several months.

This Wired article analyzes the operation of the NebuAd technology (NebuAd is one of the vendors of the ISP-based tracking technology), including its patent application, and Charter’s statements about the monitoring, and suggests that while customers can opt-out of ad delivery, they cannot opt out of the traffic monitoring process.

See also this letter from two Congressmen (Markey D-MA and Barton R-TX) to Charter Communications asking Charter to hold off on implementing the technology until a discussion between Charter and the Congressmen presides.

This blog post by Declan McCullagh comments on the Congressmen’s letter.

Leave a comment

More information on Turkish privacy legislation

Privacy Laws and Business has more information on the proposed privacy legislation in Turkey, part of its campaign for EU entry. A bill was sent to the legislature this week that would define personal data and regulate the state’s collection of personal data and transfer to third parties or other countries. It would establish an "autonomous privacy watchdog" to implement the law. More information also available from Today’s Zaman.