Sunday, July 6, 2003

Thanks to *********************************************************************** SANS NewsBites July 2, 2003 Vol. 5, Num. 26 *********************************************************************** --Feinstein Introduces Security Breach Notification Bill (30 June 2003) Senior Judiciary Committee member Senator Dianne Feinstein (D-Calif) has introduced a bill that would require businesses and government agencies to let people know if their computer systems are compromised and certain types of personal data are stolen. The proposed legislation echoes a California law that took effect July 1, requiring customer notification if unencrypted personal data is exposed. While the new law would not have an effect on the California law, it would preclude other states from enacting similar statutes of their own. http://www.cnn.com/2003/TECH/biztech/06/30/hacker.bill.ap/index.html Article On the California law: http://www.signonsandiego.com/news/computing/20030623-0003-ca-wevebeenhacked.html [Editor's Note (Schneier): The California law has the enormous loophole of not requiring disclosure in the event of an ongoing investigation. My guess is that some security breaches will be part of ongoing investigations forever.] Existing California law: http://www.leginfo.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html It is S.1350: http://thomas.loc.gov/cgi-bin/query/z?c108:S.1350: 7:32:59 PM    comment []

The GILC News Alert is the newsletter of the Global Internet Liberty Campaign, an international coalition of organizations working to protect and enhance online civil liberties and human rights. Organizations are invited to join GILC by contacting us at gilc@gilc.org. To alert members about threats to cyber liberties, please contact members from your country or send a message to the general GILC address. To submit information about upcoming events, new activist tools and news stories, contact: Christopher Chiu GILC Coordinator American Civil Liberties Union 125 Broad Street, 17th Floor New York, New York 10004 USA Or email: cchiu@aclu.org More information about GILC members and news is available at 4:06:13 PM    comment []

Thanks to: GILC Alert, Volume 7, Issue 3, 25 June 2003 Global Internet Liberty Campaign Newsletter Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. =================================================================== [22] Japanese government passes personal info bills =================================================================== The Japanese parliament has finally passed highly controversial legislation aimed at guarding personal information. The proposed legislation was first introduced in 2001 but subsequently encountered several delays and revisions after the media and public protested that freedom of expression would be curtailed. Under these rules, Japanese citizens can ask firms to reveal what personal information is being kept about them, request companies to stop using personal information about them, or correct their files. Japanese government regulators are tasked with prosecuting offenders of the new laws. The legislation also calls for an information protection council to deal with privacy grievances. To assuage fears concerning freedom of speech, the legislation will not apply to the media or publishing bodies and research institutions. The bills define media institutions as those organizations which deliver objective facts to numerous, unspecified people. Policymakers predict intense debate in the weeks following the Diet session. Many worry that the ambiguity and fuzzy guidelines outlined in the legislation will do little to protect privacy, especially with regard to government collection and dissemination of personal data. See "Japan passes information protection bills," Mainichi Shimbun, 23 May 2003, available at http://mdn.mainichi.co.jp/news/archive/200305/23/20030523p2a00m0dm020000c.ht ml Read "Hit and miss: A close look at what the controversial privacy-protection bills would mean for consumers reveals numerous flaws," Asahi Shimbun, 22 May 2003 at http://www.asahi.com/english/politics/K2003052200343.html 4:03:48 PM    comment []

Thanks to: GILC Alert, Volume 7, Issue 3, 25 June 2003 Global Internet Liberty Campaign Newsletter Welcome to GILC Alert, the newsletter of the Global Internet Liberty Campaign. ================================================================= [19] UK government forces massive Net user data info disclosures ================================================================= Reports indicate that British government officials are routinely demanding huge quantities of personal online and telephone data, even as they seek wider powers for Internet snooping. Under the controversial Regulatory of Investigatory Powers Act, the British Home Office has been making approximately a million yearly requests for access to data held by net and telephone companies. According to the Foundation for Information Policy Research (FIPR-a GILC member), the list of government agencies making these demands is not limited to the Metropolitan Police (127 000 requests), but also includes such bureaus as the Radio Communications Agency (400 requests), the Financial Services Authority (100 requests). These figures were released at a recent public debate where the government proposed to increase its ability to obtain personal communication data. The British government has already running into controversy with net and telephone companies over the extent of time companies should be forced to retain such data, with suggestions ranging from six months to seven years. Privacy advocates have expressed strong concern over the extent of government data mining, who have pointed out that large amounts of communications information, including phone numbers dialed, email addresses contacted, websites visited and so on are all available with scant judicial oversight. "The government can't just say we have the intent to prevent crime so therefore we can do more or less what we like," says Simon Davies, the head of lobby group, Privacy International (a GILC member). Read "Extent of UK snooping revealed," BBC News Online, 16 May 2003 at http://news.bbc.co.uk/1/hi/technology/3030851.stm See also Graeme Wearden, "Whistle blown over extent of UK data seizures," ZDNet UK, 14 May 2003 at http://news.zdnet.co.uk/story/0,,t269-s2134686,00.html 4:01:03 PM    comment []

If common sense has a place in the law (by no means a sure thing), then the court should surely take note of EFF's desired outcome. For this release: http://www.eff.org/Cases/Lexmark_v_Static_Controls/20030702_eff_pr.php EFF amicus brief in Lexmark v. Static Control: http://www.eff.org/Cases/Lexmark_v_Static_Controls/20030702_eff_amicus.php EFF Lexmark v. Static Control archive: http://www.eff.org/Cases/Lexmark_v_Static_Controls/ EFF Reply Comments to Copyright Office, supporting Static Control (Adobe PDF file): http://www.eff.org/IP/DMCA/Lexmark_v_Static_Controls/SCC_031003.pdf Good doing, Wendy 3:42:04 PM    comment []

© Copyright 2003 Noel D. Humphreys.