WHITHER WASHINGTON?

Previous page
Table of content
Next page
 < Day Day Up > 

The climate for personal privacy in Washington, D.C. hasn't been this chilly since the days when J. Edgar Hoover wore pumps. However, there are recent signs the Feds are at least acknowledging the increased threat to privacy, even if they're not doing much to stop it.

In February 2005, the Department of Homeland Security announced the formation of a Data Privacy and Integrity Advisory Committee to consult on "issues that affect privacy, data integrity, and data interoperability in DHS programs." But the 20-member board has drawn criticism for being composed largely of corporate executives, including D. Reed Freeman, chief privacy officer for Claria (makers of the controversial Gator adware application). Many longtime privacy advocates were shut out.

Committee member Jim Harper, director of information policy studies for the Cato Institute and editor of Privacilla (http://www.privacilla.org), believes the panel will spur the DHS to think harder about privacy issues. And, he adds, "it will give me and others a microphone and an opportunity to quit loudly if DHS disregards privacy."

In March 2005, the DHS issued a report on its ill-fated Computer Assisted Passenger Pre-screening System II (CAPPS II) in which the agency's Inspector General acknowledged a host of shoddy privacy practices. Among the highlights: the Transportation Safety Agency (TSA) failed to obtain confidentiality agreements with some companies with whom it shared data, and/or failed to enforce such agreements; it allowed passenger records to be transferred between companies unencrypted and without password protection; and the agency publicly denied having actual passenger data in its possession, when in fact it did. However, the report concluded that the agency had not broken any Federal laws.

(The report includes this wonderful slice of bureaucratese: "In 2003 and 2004, TSA officials made inaccurate statements regarding these transfers that undermined public trust in the agency. These misstatements were apparently not meant to mischaracterize known facts. Instead, they were premised on an incomplete understanding of the underlying facts at the time the statements were made." In other words, they lied, but they didn't know they were lying, and even if they did know they were lying, it wasn't their fault.)

THE CAN SPIES ACT?

As this book goes to press Congress is mulling yet another cyber-security bill with a cutesy acronym, this one aimed at spyware. The Securely Protect Yourself Against Cyber Trespass Act (or "SPY ACT") (H.R. 29) would make it illegal for spyware companies to hijack your browser, disable your security software, collect personal information, or install software on your computer without your consent. Unfortunately, the bill would do nothing to prevent companies like Claria from obtaining consent via an epic-length end-user license agreement (see Chapter 3, "EULA Be Sorry You Did"). At press time the bill had passed committee but had yet to be voted on by the full House; a similar bill passed the House last year by a vote of 399 to 1.

A competing House bill, the I-SPY Prevention Act of 2005 (H.R. 744), would make it a Federal crime to install software or steal personal information from a protected computer without its owner's authorization. The bill also authorizes funds for enforcement and establishes criminal sentences of 2 to 5 years. At press time the bill was still in committee.

The Anti-Phishing Act of 2005 (S.489) would make it a crime to send a phishing email or set up a phishing web site, regardless of whether anyone suffered harm from them, but provides no funds to pay for enforcement. It too was in committee at press time.

Bottom line: if passed, these laws will likely have as great an impact on spyware and phisher scams as the CAN SPAM bill did on junk email allowing Congress to claim it took action, but leaving users in the same leaky boat.


The good news is that the TSA has asked privacy consultants, including security guru Bruce Schneier, to serve on an oversight committee for its Secure Flight proposal, the successor to CAPPS II. The bad news is that a March 2005 report by the Government Accountability Office reveals that the TSA has yet to articulate how it's going to safeguard passenger privacy with Secure Flight, despite plans to launch the service in late summer 2005.

Thanks to the recent, egregious data leaks at ChoicePoint, Acxiom, LexisNexis, and Bank of America, Congress will almost certainly pass some kind of law regarding identity theft. Likely legislation could range from requiring data brokers (see Figure 7-6) to notify consumers when their information has been stolen (what the data brokers are pushing) to making it harder for them to sell sensitive information like Social Security numbers (what the brokers are definitely opposing).

annoyances 7-6. Quick are you a Boomtown Single, a City Startup, or a Middleburg Manager? These are some of the faux categories dreamed up by data vendors like Claritas, who slice and dice demographic data, then sell it for a profit.


The Electronic Privacy Information Center (EPIC), which has been contacted by Congressional offices on both sides of the aisle seeking guidance on ID theft issues, is pushing to expand the Fair Credit Reporting Act to include data brokers like ChoicePoint and Acxiom. Putting data mining firms under the umbrella of the FCRA would provide consumers access to their data, notice about how it's being used, and the ability to correct inaccurate information which becomes especially vital when that data is used by government agencies to identify possible terrorists.

UNCLE SAM'S SECRET OBSESSION

Despite the Bush Administration's dismal record of protecting personal privacy, there's one area where it zealously guards sensitive information its own documents. According to the Federation of American Scientists Project on Government Secrecy, the number of documents classified as "secret" by the Bush Administration has jumped 75 percent from 9 million in 2001 to 16 million in 2004. This administration has granted the Environmental Protection Agency, the Department of Agriculture, and the Health and Human Services department the ability to mark documents as "secret." According to FAS project director Steven Aftergood, thousands of unclassified documents have been purged from government web sites and the National Archives in the last three years.

Directives issued by then-Attorney General John Ashcroft in late 2001 instructed Federal agencies to resist Freedom of Information Act requests whenever they could find legal grounds to do so. The result has been an enormous backlog of FOIA requests (see Chapter 6, "What's In in Your Files?") and increasing discomfort on both sides of the political spectrum.

Earlier this year, Senators Pat Leahy (D-Vermont) and John Cornyn (R-Texas) introduced bills to make it easier to file a FOIA request, limit the number of exemptions Federal agencies can claim under the Act, and expedite processing of requests. But given current political realities, any move to loosen the Bush Administration's tight grip on information is a long shot.

Writing for Slate (http://slate.msn.com/id/2114963/), Aftergood summed up the situation eloquently: "Information is the oxygen of democracy," he wrote. "Day by day, the Bush administration is cutting off the supply.


     < Day Day Up > 

    Previous page
    Table of content
    Next page
    Computer Privacy Annoyances
    Computer Privacy Annoyances
    ISBN: 596007752
    EAN: N/A
    Year: 2005
    Pages: 89
    BUY ON AMAZON
    Systematic Software Testing (Artech House Computer Library)
    C++ GUI Programming with Qt 3
    PostgreSQL(c) The comprehensive guide to building, programming, and administering PostgreSQL databases
    Logistics and Retail Management: Emerging Issues and New Challenges in the Retail Supply Chain
    File System Forensic Analysis
    VBScript in a Nutshell, 2nd Edition
    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net
    Privacy policy