PRIVACY + SECURITY BLOG

News, Developments, and Insights


If It’s Against Your Privacy Policy, Just Change It

Social Security Administration

According to an article in the NY Times, documents obtained by the Electronic Privacy Information Center from the Social Security Administration (SSA) reveal that the SSA disclosed personal information in response to FBI requests after 9-11:


TSA’s Broken Promise About Secure Flight

TSA

Remember CAPPS II, the program for screening airline passengers by using databases of personal information? This program was scrapped because the Transportation Security Administration (TSA) of the Department of Homeland Security (DHS) was concerned that it posed an increasing threat to privacy and civil liberties. Replacing CAPPS II was the nicely monikered “Secure Flight.” (EPIC’s website has a good history of the program and a set of links about it.) After names like Carnivore and Total Information Awareness, government officials have learned to rename things with soothing, happy titles. Secure Flight was to be a kinder, gentler version of CAPPS II, with more limited uses of information and with more limited information gathering and retention. Privacy advocates were skeptical of Secure Flight, but TSA insisted that Secure Flight was genuinely nicer, not just nicer in name. According to TSA’s final order on its testing of Secure Flight:


How HIPAA Was Undermined

HIPAA

The Office of Legal Counsel (OLC) of the DOJ has issued a highly suspect interpretation of the original HIPAA that seriously undermines the enforceability of HIPAA.

Some background: In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA). The Act, at 42 U.S.C. § 1320d-6, provided in part for the protection of medical privacy, although it left the specific details to the Department of Health and Human Services (HHS) to establish via a rulemaking. HIPAA contained civil and criminal penalties for when:

A person who knowingly and in violation of this part–

(1) uses or causes to be used a unique health identifier;

(2) obtains individually identifiable health information relating to an individual; or

(3) discloses individually identifiable health information to another person


Identity Theft Fears and Online Shopping

Your Evil Twin Beyond the Identity Theft Epidemic

From a recent survey:

Nearly half of U.S. voters say they don’t shop online because they fear identity thieves may capture their bank-account information, according to a survey released on Wednesday by a technology-industry trade group.

These fears are heightened because of the rash of security breaches in recent months. I previously posted about these breaches here and here.


Biometrics and the “Titanic Phenomenon”

Biometric Privacy and the Titanic Phenomenon

A Washington Post article discusses the growing use of biometric identification, which involves authenticating identity by using immutable characteristics of the human body. Some methods include fingerprint readers, iris scanners, and facial recognition systems. According to the article:
