Privacy & Security News Brief
February 16 – February 22, 2008
Vol. 1, No. 20

TABLE OF CONTENTS

BIOMETRICS .... 4
  First Nation Ojibway in Canada to Use Bio-ID Cards for Border-Crossing Control .... 4

DATA BREACH .... 4
  Personal data on 28,000 schoolchildren stolen .... 4
  Data Breaches: A Global Dilemma .... 4
  Irish blood donor records stolen in New York .... 4
  A&M posted 3,000 people's personal data .... 4
  Stolen hardware held DWP employees' personal information .... 5
  Ft. Lauderdale Dumpster Becomes A Treasure Trove .... 5

E-COMMERCE .... 5
  LexisNexis Parent Set to Buy ChoicePoint .... 5
  HP Settles With Journalists Over Pretexting .... 5
  Chinese hacker steals user information on 18 MILLION online shoppers at Auction.co.kr .... 5

EDITORIALS & OPINION .... 6
  Privacy and Behavioral Targeting: How Much Data Is Too Much? .... 6
  Chaotic Approach to Privacy Hurting US .... 6

EDUCATION .... 6

EMPLOYEE .... 6

FINANCIAL .... 6

GOVERNMENT – U.S. FEDERAL .... 6
  Black Hat Conference: Experts Develop Cybersecurity Recommendations For Next President .... 6
  Military Aims To Seal Leaky Networks .... 6
  ISP blunder exposes entire domain's worth of e-mail to FBI .... 7
  Defense, GSA lead way on encryption technology .... 7

GOVERNMENT – U.S. STATES .... 7

HEALTH & MEDICAL .... 7
  Google to store patients' health records in test of new service .... 7
  Health data storage sites might not be secure .... 7
  Privacy group sounds alarms over personal health records systems .... 7
  Attacks on health care organizations up 85 percent .... 8

IDENTITY THEFT .... 8
  Be concerned over financial privacy issue [Arizona] .... 8
  The web is less risky than phone or mail for identity theft, survey finds .... 8

INTERNATIONAL .... 8

AFRICA .... 8

  SOUTH AFRICA .... 8
    Data privacy Bill in suspended animation .... 8

ASIA/PACIFIC .... 9
  AUSTRALIA .... 9
    Police's CCTV plan 'violates privacy rights' .... 9
    War on music piracy .... 9
    Australian businesses may be forced to publicly admit data breaches .... 9
  NEW ZEALAND .... 9
    Privacy of national registers questioned .... 9

EUROPE .... 9
  EUROPEAN UNION .... 9
    EU regulators skeptical on Microsoft's plan to share technology .... 9
  BULGARIA .... 10
    Co-Ruling Party Opposes Data-Retention Regulation .... 10
  LIECHTENSTEIN .... 10
    Liechtenstein details stronger privacy rules .... 10
  UNITED KINGDOM .... 10
    ISPs could face piracy sanctions .... 10

MIDDLE EAST .... 10

NORTH AMERICA .... 10

SOUTH AMERICA .... 10

LEGISLATION – FEDERAL .... 10
  Bush says nation in more danger because Congress hasn't extended spy law .... 10
  Privacy: Less and less is the trend .... 11
  White House objects to plan for .gov P2P security .... 11

LEGISLATION – STATE .... 11
  ALASKA .... 11
    Prescription drug database proposed: Bill sponsored raises concerns over personal privacy .... 11
  CONNECTICUT .... 11
    Board Hears Report on Plans for E-Waste at Transfer Station .... 11
  KENTUCKY .... 11
    Proposed Law Would Protect Kentuckians From Identity Theft .... 11
  WASHINGTON .... 12
    Washington State House Gives Nod to Privacy Bill .... 12

LITIGATION & ENFORCEMENT ACTIONS .... 12
  Experian Sues LifeLock, Alleges Fraud .... 12
  Privacy case is rejected by court: U.S. wiretapping battle now over .... 12
  Whistle-blower site taken offline .... 12
    Privacy, civil rights advocates castigate Wikileaks ruling .... 12

MOBILE/WI-FI .... 12
  Privacy and Mobile Technologies: What are the risks - Part II .... 12
  Most Mobile Users Don't Know if They Have Security .... 13

ODDS & ENDS .... 13
  Internet-Law Expert Weighs House Race .... 13
  Did Google steal the Sky for its Earth? .... 13
  Invisible dots left by printers 'breach privacy' .... 13
  Public-Safety Interoperability and Digital Cities: What Are the Requirements? .... 13

ONLINE .... 14
  College Web site posts sex gossip, hate, rumor .... 14
  One Friend Facebook Hasn't Made Yet: Privacy Rights .... 14
  Write to Privacy .... 14
  Personal Computing: The Internet, These Days .... 14
  Web Browsing, Search, And Online Ads Grow More Risky, Google Says .... 14

RFID .... 15
  EU "smart chip" guidelines aim to protect privacy .... 15

SECURITY .... 15
  Researchers Find Way to Steal Encrypted Data .... 15
    Disk encryption may not be secure enough, new research finds .... 15
  Research Says Best Info Security Requires Managed Security Services .... 15
  Securing cyberspace among top technological challenges of 21st century, panel says .... 15
  The Future of Encryption .... 15
  Replicating virtual servers vulnerable to attack .... 16
  Governance: A Holistic Approach .... 16
  Executives Reveal Their Top IT Problems in Global IT Governance Survey .... 16
  SAFECode on software assurance .... 16
  Canadian IT pros see few security best practices .... 16
  Identity Access Management to See Better Integration .... 17
  DNS Inventor Warns of Next Big Threat .... 17
  Mapping out Web apps attacks .... 17
  Powerful new antiphishing weapon DKIM emerges .... 17
  The world of spyware evolves .... 17

SEMINARS .... 18

PAPERS .... 18
  Enterprise@Risk: 2007 Privacy & Data Protection Survey .... 18
  The Future of Reputation: Gossip, Rumor, and Privacy on the Internet .... 18
  Ponemon Institute: 2008 National Survey on Access Governance .... 18
  Wireless Security: Past, Present and Future .... 18


ARTICLE SUMMARIES AND LINKS

BIOMETRICS

First Nation Ojibway in Canada to Use Bio-ID Cards for Border-Crossing Control
The Garden River First Nation (an Ojibway Tribe of North American Indians), headquartered at the eastern boundary of the city of Sault Sainte Marie, Ontario, Canada, has signed an agreement to license and use Veritec's 2-D VSCode Biometric technology for multi-purpose cards which will serve as Tribal Member ID, Border-crossing (from and to Ontario, Canada) control and passport-backup ID cards. The technology stores the individual's fingerprint minutiae in the 2-D VSCode, which is robust, compact and low cost.
http://www.govtech.com/gt/articles/264268?utm_source=newsletter&utm_medium=email&utm_campaign=DC_2008_2_19 (Government Technology – 2/15/08)

DATA BREACH

Personal data on 28,000 schoolchildren stolen
A laptop computer holding a database with personal information on thousands of Newfoundland schoolchildren was among several stolen during a robbery, school officials said Thursday. The database — with information on 28,000 students, most in the St. John's area — includes names, addresses, medicare numbers, phone numbers and the names of guardians, the Eastern School District board said. The four laptops were stolen from the district's offices in Atlantic Place, an office complex in downtown St. John's. The robbery occurred Sunday, but was not reported to the public for four days.
http://www.cbc.ca/canada/newfoundland-labrador/story/2008/02/21/student-breach.html (CBC News Canada – 2/21/08)

Data Breaches: A Global Dilemma
While reporting laws and an insatiable appetite by U.S. consumers for privacy-related news keep data breaches in this country on many people's radar, it's not just a problem in America. Recent widely reported data breaches in the U.K. and Canada highlight the global nature of the problem. In late November, the British government admitted to the loss of computer disks containing detailed personal information on 25 million of the country's citizens as well as an unknown number of bank account identifiers. Some analysts described this incident in published reports as potentially the most significant privacy breach of the digital age.
http://business.newsfactor.com/story.xhtml?story_id=10300AJYQAV8 (NewsFactor Business Report – 2/19/08)

Irish blood donor records stolen in New York
A computer containing over 171,000 confidential blood donor records and other files from the Irish Blood Transfusion Service has been stolen. The data, which the Blood Service says was securely encrypted, was given to the New York Blood Centre in December on a computer disk. It was part of a software upgrading programme for the Irish Service. The laptop with the disk was stolen on 7 February when a member of the New York Blood Centre was mugged outside his home.
http://www.rte.ie/news/2008/0219/blood.html (RTE News – 2/19/08)

A&M posted 3,000 people's personal data
A computer file containing the names and Social Security numbers of 3,000 current and former Texas A&M University agricultural employees was inadvertently posted online and accessible to the public for three weeks. Texas A&M administrators said the personal information could not be directly viewed on Web pages, but was obtainable through sophisticated software designed to search databases and hijack such information.
http://www.theeagle.com/local/A-amp-amp-M-posted-3-000-people-s-personal-data (Bryan-College Station, TX Eagle – 2/16/08)


Stolen hardware held DWP employees' personal information
Computer equipment containing the private financial data of every employee of the Los Angeles Department of Water and Power was stolen earlier this week, prompting the utility to pay for a credit monitoring service for each of its 8,275 workers. DWP General Manager H. David Nahai sent employees an e-mail and an interoffice memo Wednesday informing them that computer equipment containing each worker's name, date of birth, Social Security number, employee identification number and deferred compensation balance was stolen from a private DWP contractor.
http://www.latimes.com/news/local/los_angeles_metro/la-me-dwp16feb16,1,4402707.story?ctrack=1&cset=true (Los Angeles Times – 2/16/08)

Ft. Lauderdale Dumpster Becomes A Treasure Trove
In the information age, theft has clearly taken on a new meaning, with the possession of personal info, credit cards, and social security numbers as the key for many high tech crooks to strike it rich. One Ft. Lauderdale dumpster proved to be a treasure trove of documents with such information--readily available for anyone who passed by--so the police are investigating. Outside a University of Phoenix Building in Ft. Lauderdale, files and paperwork belonging to the defunct First Magnus Financial at 550 West Cypress Creek Road were just lying inside stacked boxes inside an industrial garbage container, available for anyone to peek at. The paperwork contains some of the most sensitive information a consumer could possess: Social Security numbers, credit card information, addresses, properties, etc.
http://cbs4.com/local/Ft.Lauderdale.Trash.2.655638.html (CBS4 Ft. Lauderdale, FL – 2/15/08)

E-COMMERCE

LexisNexis Parent Set to Buy ChoicePoint
Publishing company Reed Elsevier, owner of the LexisNexis Group, is seeking to acquire commercial data broker ChoicePoint in a $4.1 billion cash deal that would create a global information-gathering powerhouse that would collect and analyze billions of records about who people are, where they live and with whom, and what they own. With customers including government agencies, insurance companies, banks, rental apartments, corporate personnel offices and private investigators, the combined company's reach would extend from national security offices to the living rooms of ordinary Americans. Both companies have played key roles in law enforcement, homeland security and intelligence. Both have also had identity-theft and security problems.
http://www.washingtonpost.com/wp-dyn/content/article/2008/02/21/AR2008022100809.html (Washington Post – 2/22/08)

HP Settles With Journalists Over Pretexting
HP (Hewlett-Packard) on Wednesday reached a financial settlement with the New York Times and four reporters who were spied upon as part of a scandal dating back to 2006 that brought about the downfall of the company's chairwoman, Patricia C. Dunn, along with several high-ranking executives. The reporters were BusinessWeek's Peter Burrows, Ben Elgin and Roger Crockett, along with the Times's John Markoff, on whose behalf a claim was pursued by the Times itself. The dispute was settled privately, without any lawsuit. None of the parties involved disclosed the amount of the settlement.
http://www.ecommercetimes.com/story/HP-Settles-With-Journalists-Over-Pretexting-61686.html?welcome=1203331507&welcome=1203701834 (E-Commerce Times – 2/14/08)

Chinese hacker steals user information on 18 MILLION online shoppers at Auction.co.kr
A Korean e-commerce site was hacked and a staggering number of records, 18 million, were stolen. In the US this would be front-page news. We don't know if it was front-page news in Korea, but it did not reach the international media. The attack description is vague but can be best described as session hijacking. This incident is a great example of the lack of sufficient international coverage at WHID. Help us by sending us non-English incidents! After all, it is not only English speakers that get hacked, but rather us, the WHID maintainers, that speak only this language.
http://www.webappsec.org/projects/whid/byid_id_2008-10.shtml (Web Application Security Consortium – 2/12/08)


EDITORIALS & OPINION

Privacy and Behavioral Targeting: How Much Data Is Too Much?
I grew up in the direct response industry, where everything can be tracked and measured. Behavioral targeting is an old concept: list segmentation and databases, and predictive modeling had that down decades ago. With the onset of behavioral targeting online, the concept takes on new meaning. Consumers feel that Big Brother is looming as the technology becomes more sophisticated. ISPs are among those jumping into the fray, truly testing whether tracking a consumer's behavior will be accepted.
http://www.clickz.com/showPage.html?page=3628481 (clickz.com – 2/20/08)

Chaotic Approach to Privacy Hurting US
The US is badly lagging the rest of the world on privacy legislation and apparently doesn't care. This lack of interest in meeting international privacy standards is starting to hurt the US and could hurt the country even more down the track. Canada is already reluctant to export data to the United States for processing in some circumstances, notes US privacy expert Robert Gellman, prompted in part by fears that the draconian USA PATRIOT Act (which gives intelligence officers unprecedented surveillance powers) will compromise the privacy of Canadian citizens.
http://www.csoonline.com.au/index.php/id;1898404411;fp;16;fpid;1 (CSO Online – 6/07)

EDUCATION

EMPLOYEE

FINANCIAL

GOVERNMENT – U.S. FEDERAL

Black Hat Conference: Experts Develop Cybersecurity Recommendations For Next President
A group of 40 former and current government cybersecurity experts has convened to put together a series of cybersecurity recommendations for the next U.S. president, members of the think-tank-sponsored Cyber Commission for the 44th President said Wednesday at the Black Hat security conference in Washington, D.C. "This is no longer a boutique issue," said James Lewis, director of the technology and public policy program for the Center for Strategic and International Studies. "It has to be a part of the thinking about national security from this point on. This is one of the central issues for national security and we want to make sure it doesn't go away."
http://www.informationweek.com/security/showArticle.jhtml?articleID=206800855&cid=RSSfeed_TechWeb (Information Week – 2/20/08)

Military Aims To Seal Leaky Networks
The U.S. Navy got a grim lesson in information security in October 2000, when a bomb ripped through the side of the USS Cole, killing 17 sailors. "Somebody knew somehow that the ship was going to be there," said Jim Granger, technical director for the U.S. Navy's Cyber Defense Operations Command. While the incident wasn't tied to any sort of network security breach, it did highlight the importance of keeping data out of the wrong hands. To help minimize future leaks, military and academic researchers are looking for ways to better secure networks, including techniques for understanding the thought processes of network intruders.
http://www.investors.com/editorial/IBDArticles.asp?artsec=17&artnum=3&issue=20080219 (Investors.com – 2/19/08)


ISP blunder exposes entire domain's worth of e-mail to FBI
A classified report written by the Office of the Inspector General (OIG) that was obtained by the Electronic Frontier Foundation (EFF) through a Freedom of Information Act (FOIA) lawsuit reveals that an unnamed Internet service provider gave federal law enforcement agents access to e-mail records for an entire domain even though the Foreign Intelligence Surveillance Court had only authorized surveillance of a single address from the domain. The document, which has been published by the EFF, indicates that the incident resulted from miscommunication. The FBI discovered the ISP's negligence when the agency's Engineering Research Facility detected a surge in data collection.
http://arstechnica.com/news.ars/post/20080218-isp-blunder-exposes-entire-domains-worth-of-e-mail-to-fbi.html (ArsTechnica – 2/15/08)

Defense, GSA lead way on encryption technology
The federal government is embracing new forms of encryption technology to safeguard private and other sensitive information stored on laptops and thumb drives. The Defense Department and General Services Administration on Tuesday announced a partnership to purchase the latest in data-at-rest technology to address the agencies' data encryption needs. According to a press release, the Data-At-Rest Tiger Team (DARTT) was able to secure $73 million in data-at-rest products for only $15 million. Data-at-rest refers to information that has been downloaded and is sitting statically on devices like thumb drives, BlackBerrys and laptops not connected to the network.
http://govexec.com/dailyfed/0208/021408n1.htm (Government Executive – 2/14/08)

GOVERNMENT – U.S. STATES

HEALTH & MEDICAL

Google to store patients' health records in test of new service
Google Inc. will begin storing the medical records of a few thousand people as it tests a long-awaited health service that's likely to raise more concerns about the volume of sensitive information entrusted to the Internet search leader. The pilot project to be announced Thursday will involve 1,500 to 10,000 patients at the Cleveland Clinic who volunteered to an electronic transfer of their personal health records so they can be retrieved through Google's new service, which won't be open to the general public.
http://www.siliconvalley.com/news/ci_8323969 (Silicon Valley – 2/21/08)

Health data storage sites might not be secure
The World Privacy Forum is warning consumers about the potential pitfalls of using newly popular services that consolidate personal health records - especially when they're kept by companies that are not subject to current federal regulations on privacy and security. "Consumers need to know that not all (vendors) protect privacy in the same way," said Pam Dixon, executive director of the San Diego nonprofit group, which is issuing its report today.
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2008/02/20/BU9UV5405.DTL&type=tech (San Francisco Chronicle – 2/20/08)

Privacy group sounds alarms over personal health records systems
In some cases, people whose health care information is stored in online personal health records (PHR) systems may be exposed to serious data privacy risks, according to a warning issued by a privacy advocacy group. That's because not all PHR systems are covered by the federal Health Insurance Portability and Accountability Act, the World Privacy Forum said in a 16-page report released today. The WPF contended that as a result, many of the privacy protections offered under the HIPAA statute don't apply to the personal health care data being maintained in such systems.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=legislation_regulation&articleId=9063718&taxonomyId=70&intsrc=kc_top (Computer World – 2/20/08)

Attacks on health care organizations up 85 percent
Attempted cyberattacks on health care organizations have increased 85 percent in the past year, according to SecureWorks, a software-as-a-service vendor. The company's health care clients have been targeted 20,630 times per day during the second half of 2007 and January of this year, a significant increase over the average rate of 11,146 times per client per day during the first half of 2007, according to a recent release.
http://www.scmagazineus.com/Attacks-on-health-care-organizations-up-85-percent/article/105312/ (SC Magazine – 2/14/08)

IDENTITY THEFT

Be concerned over financial privacy issue [Arizona]
What's the value of your financial privacy? You know, things like your checking account and banking records. For most of us, the less others know, the better. That's why it comes as such a surprise that Arizona rates near the bottom of states when it comes to protecting such privacy. According to the Federal Trade Commission, Arizona is the No. 1 state for identity theft. And a private research firm reports that the identity of one in six Arizona adults was stolen in the past five years. So, it was a good first step when the Arizona Legislature passed legislation in 2007 to limit the release of personal information available in public records. This legislation protected against sensitive information like Social Security numbers being released by government bodies. However, it's not just identity thieves Arizonans should be worried about. Government employees are legally allowed to access the personal financial records of citizens. Most states protect against potential abuse of this law, but Arizona does not.
http://www.azcentral.com/arizonarepublic/viewpoints/articles/0217vip-barr0217.html (AZCentral.com – 2/17/08)

The web is less risky than phone or mail for identity theft, survey finds
Despite media hype about Internet security, traditional communications channels pose the biggest risk of theft of personal and financial information, according to the 2008 Identity Fraud Survey report from Javelin Strategy and Research. Among fraud victims who knew how their information had been obtained, online channels accounted for 14% of cases in total: online purchases and transactions (2%), phishing (4%), and computer viruses, spyware and PC hackers (8%), according to Javelin's annual survey.
http://www.internetretailer.com/dailyNews.asp?id=25389 (InternetRetailer.com – 2/14/08)

INTERNATIONAL

AFRICA

SOUTH AFRICA

Data privacy Bill in suspended animation
Government is making haste slowly to enact the Protection of Personal Information Bill, which will fundamentally alter the way companies handle data about clients and staff. Once law, the legislation will help protect people from criminals by holding companies and individuals who fail to take adequate steps to protect other people's private information legally liable. Under the proposed law, companies will, for example, be required to notify all customers affected by security breaches that could result in identity theft. Offenders could face up to 10 years in prison, as well as fines and punitive damages.
http://www.itweb.co.za/sections/business/2008/0802201052.asp?O=FPTOP&S=Legal%20View&A=LEG (ITWeb – 2/20/08)

ASIA/PACIFIC

AUSTRALIA

Police's CCTV plan 'violates privacy rights'
A plan by police to access footage from tens of thousands of closed-circuit television (CCTV) cameras violates basic rights to privacy, a human rights group says. NSW (New South Wales) Police launched a state-wide register today, calling for large and small businesses with CCTV cameras to provide their details for the program. Max Jeganathan, spokesperson for Civil Liberties Australia, said that while rights of privacy will always conflict with certain law enforcement objectives, the plan had all the hallmarks of a "police state".
http://news.ninemsn.com.au/article.aspx?id=381118 (National Nine News (Australia) – 2/18/08)

War on music piracy
As the internet threatens to kill the established music industry, the Rudd Government is considering a three-strikes policy against computer users who download songs illegally. The Government will examine new legislative proposals being unveiled in Britain this week to target people who download films and music illegally; internet service providers (ISPs) there might be legally required to take action against users who access pirated material. The music industry estimates 1 billion songs were traded illegally by Australians last year.
http://www.smh.com.au/news/technology/rudd-to-tackle-illegal-music-downloaders/2008/02/16/1202760662778.html (Sydney Morning Herald – 2/17/08)

Australian businesses may be forced to publicly admit data breaches
Australia's Privacy Commissioner would be given new powers to enforce the mandatory reporting of data breaches under proposed amendments to the Privacy Act, which would force Australian businesses to publicly detail breaches. The Australian Law Reform Commission (ALRC) has submitted its recommendations to reform the Privacy Act in an 800-page discussion paper containing 301 proposals. The reforms will likely give the Privacy Commissioner new powers to keep the legislation abreast of emerging technologies, including biometrics and the data warehousing of customer information, and of high-profile breaches of sensitive data.
http://www.itworldcanada.com/a/News/2a75ef4d-25ef-4941-8e52-d9000e2f286d.html (Computerworld Australia – 2/14/08)

NEW ZEALAND

Privacy of national registers questioned
The Law Commission wants a year-long review of all public registers in the country to ensure they protect privacy. It wants more than a hundred public lists looked at, including rates databases, dog, transport and company registers, electoral rolls, and births, deaths and marriages. Law Commission president Sir Geoffrey Palmer says such registers need to be open to the public for all sorts of reasons, from tracing fraudulent company directors to locating a qualified plumber. But he says the information they contain needs to be protected so it cannot be used for more dubious purposes, such as identity theft or harassing people.
http://www.newstalkzb.co.nz/newsdetail1.asp?storyID=132558 (News Talk ZB – 2/19/08)

EUROPE

EUROPEAN UNION

EU regulators skeptical on Microsoft's plan to share technology
European Union regulators are expressing skepticism over Microsoft's latest offer to share more information about its products and technology. The EU said in a statement Thursday that it has seen four similar statements in the past from the world's largest software maker. Earlier Thursday, Microsoft announced it will publish technical information about its products to ensure interoperability with rivals' offerings, without requiring software developers to obtain a license or pay royalties or other fees.
http://www.siliconvalley.com/news/ci_8325169 (Silicon Valley – 2/21/08)

BULGARIA

Co-Ruling Party Opposes Data-Retention Regulation
The regulation from the Interior Ministry and the State Agency for Information Technologies and Communications (SAITC) that implements the EU data-retention directive is unconstitutional and should at the very least be changed, if not scrapped altogether, Dnevnik daily quoted unnamed members of Parliament (MPs) from the National Movement for Stability and Progress (NMSP) as saying. NMSP MPs were not planning to file a complaint with the Supreme Administrative Court (SAC) yet, wanting first to hear Interior Minister Roumen Petkov and SAITC head Plamen Vachkov. The regulation would not come into force until next year anyway, so there would be enough time to appeal, and if no one else filed a complaint, the NMSP would, MPs said.
http://www.sofiaecho.com/article/co-ruling-party-opposes-data-retention-regulation/id_27563/catid_66 (Sofia Echo (Bulgaria) – 2/15/08)

LIECHTENSTEIN

Liechtenstein details stronger privacy rules
The government of Liechtenstein on Wednesday detailed plans to strengthen privacy guarantees for the investment vehicles at the center of a tax evasion scandal in Germany, a move that might prevent this tiny Alpine country from exiting a short blacklist of international tax havens. The proposal, which will be submitted to Parliament after government approval, aims to clarify the sometimes murky regulations governing Liechtenstein-based foundations, which are similar to trusts in the English-speaking world. Foundations established for charitable purposes would be separated from those set up by families as a way to preserve inherited fortunes, for example, the government said.
http://www.iht.com/articles/2008/02/21/business/21privacy.php (International Herald Tribune – 2/21/08)

UNITED KINGDOM

ISPs could face piracy sanctions
Internet service providers must take concrete steps to curb illegal downloads or face legal sanctions, the government has said. The proposal is aimed at tackling the estimated 6m UK broadband users who download files illegally every year. The culture secretary said consultation would begin in spring and legislation could be implemented "by April 2009".
http://news.bbc.co.uk/2/hi/technology/7258437.stm (BBC – 2/22/08)

MIDDLE EAST

NORTH AMERICA

SOUTH AMERICA

LEGISLATION – FEDERAL

Bush says nation in more danger because Congress hasn't extended spy law
With a government eavesdropping law about to expire, Washington is awash in accusations over who's to blame. President Bush said Friday that "our country is in more danger of an attack" because of Congress' failure to adopt a Senate bill that would have renewed a law making it easier for the government to spy on foreign phone calls and e-mails that pass through the United States. That bill would also have shielded from lawsuits the telecommunications companies that helped the government wiretap U.S. computer and phone lines after the Sept. 11 terrorist attacks without clearance from the secret court established specifically to oversee such activities. In its competing version of the legislation, the House intentionally left out that feature.
http://www.siliconvalley.com/news/ci_8274090?nclick_check=1 (SiliconValley.com – 2/15/08)

Privacy: Less and less is the trend
As part of a broader surveillance bill, the Senate has approved a measure that would give phone companies broad immunity for turning over customer information to the government. It would also give them immunity from liability if they participated in wiretapping during the past five years. All the government would have to do is ask: no warrants, no judicial oversight. Anyone with a dial tone or a handset could be a target. This is all being done in the name of national security.
http://www.chron.com/disp/story.mpl/business/steffy/5546747.html (Houston Chronicle – 2/15/08)

White House objects to plan for .gov P2P security
The Bush administration on Thursday questioned a proposed law that would force federal agencies to develop specific plans for guarding government computers and networks against "risks" posed by peer-to-peer file sharing. The Democratic-sponsored bill, called the Federal Agency Data Protection Act, contains a section asking federal agencies to report to Congress what "technological" (e.g., software and hardware) and "nontechnological" methods (such as employee policies and user training) they would employ to ensure peer-to-peer file-sharing programs do not harm the security of government systems.
http://www.news.com/8301-10784_3-9872366-7.html (CNet News – 2/14/08)

LEGISLATION – STATE

ALASKA

Prescription drug database proposed: Bill raises concerns over personal privacy
A measure now before the Alaska Senate would authorize the Board of Pharmacy to create and keep a detailed record of which Alaskans are using prescription drugs. Senate Bill 196, sponsored by Senate President Lyda Green and a bipartisan group of lawmakers, seeks to establish a controlled substance prescription database within the pharmacy board that would include a record of every prescription written in the state for medicines controlled under state and federal law. It could be ready for a floor vote Monday.
http://www.peninsulaclarion.com/stories/021708/news_4277.shtml (Peninsula Clarion – 2/17/08)

CONNECTICUT

Board Hears Report on Plans for E-Waste at Transfer Station
Selectman Tom O'Neil presented information to the board on electronic waste, following a meeting he attended with the Connecticut Council of Municipalities. Mr. O'Neil explained that e-waste must be locked up at the transfer station to prevent the possibility of identity theft: while e-waste is at the transfer station, the town is responsible for its protection. Once the e-waste is picked up by a company, that company is then responsible for erasing any personal data from computer systems, Mr. O'Neil said.
http://www.zwire.com/site/news.cfm?newsid=19301110&BRD=1380&PAG=461&dept_id=157533&rfi=6 (zwire.com – 2/15/08)

KENTUCKY

Proposed Law Would Protect Kentuckians From Identity Theft
Attorney General Jack Conway and Representative Robin Webb of Grayson filed legislation Friday that would help protect the identities of Kentuckians and update laws to keep pace with changes in technology. The bill is cosponsored by Rep. Jim Glenn of Owensboro and Rep. John Vincent of Ashland. It would require businesses to notify residents if their personal information, such as a bank account number or Social Security number, has been compromised by improper disposal of paper records or by an online security breach. Businesses must take reasonable steps to protect and properly dispose of personal information; if information is compromised, businesses could be civilly liable for losses incurred by consumers. House Bill 553 would also require businesses to keep Social Security numbers hidden in mailings, stop using them as identification numbers on benefit cards, and implement security measures for websites where consumers enter their Social Security numbers.
http://www.wkyt.com/news/headlines/15667617.html (WKYT – 2/15/08)

WASHINGTON

Washington State House Gives Nod to Privacy Bill
The state's House of Representatives approved a bill that would make RFID "skimming" a felony and prohibit capturing data from an RFID tag in an identity card without the cardholder's permission. A revised version of legislation intended to protect the privacy of individuals using RFID tags with "unique personal identifier numbers" passed the Washington State House of Representatives on Wednesday. House Bill (HB) 1031, intended to limit collection of personal information from an RFID tag without the tag holder's knowledge or consent, passed by a vote of 69 to 27.
http://www.rfidjournal.com/article/articleview/3928/1/1/ (RFID Journal – 2/15/08)

LITIGATION & ENFORCEMENT ACTIONS

Experian Sues LifeLock, Alleges Fraud
Credit bureau Experian is suing the identity theft prevention firm LifeLock, accusing it of deception and fraud in its familiar advertising campaign, which includes a spot in which CEO Todd Davis reveals his Social Security number and then touts the effectiveness of the company's protections. In the lawsuit, filed in U.S. District Court on Feb. 13, Experian contends that LifeLock's advertising is misleading and that the firm is breaking federal law in the way it goes about protecting consumers. LifeLock CEO Davis, in an interview with msnbc.com on Wednesday, called the lawsuit baseless and said that Experian is simply upset that his firm is challenging its business model.
http://redtape.msnbc.com/2008/02/experian-sues-l.html (MSNBC – 2/20/08)

Privacy case is rejected by court: U.S. wiretapping battle now over
In a blow to civil rights advocates, the U.S. Supreme Court declined Tuesday to review a landmark case originating in Detroit that challenged the Bush administration's domestic surveillance program. The decision was a victory for the White House but a setback for privacy activists who argued that the government's wiretapping efforts violated the U.S. Constitution. The court's refusal to hear the case brought to an end two years of battles over what was the first legal challenge to the U.S. government's warrantless surveillance program.
http://www.freep.com/apps/pbcs.dll/article?AID=/20080220/NEWS05/802200302 (Free Press – 2/20/08)

Whistle-blower site taken offline
A controversial website that allows whistle-blowers to anonymously post government and corporate documents has been taken offline in the US. Wikileaks.org, as it is known, was cut off from the internet following a California court ruling, the site says. The case was brought by a Swiss bank after "several hundred" documents were posted about its offshore activities. Other versions of the pages, hosted in countries such as Belgium and India, can still be accessed. However, the main site was taken offline after the court ordered that Dynadot, which controls the site's domain name, should remove all traces of wikileaks from its servers.
http://news.bbc.co.uk/2/hi/technology/7250916.stm (BBC – 2/18/08)
Also see:

Privacy, civil rights advocates castigate Wikileaks ruling
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9063478 (ComputerWorld – 2/20/08)

MOBILE/WI-FI

Privacy and Mobile Technologies: What are the risks - Part II
In the second part of his series, Tom Riley focuses on the concept of privacy and the legal framework of privacy for individuals, and highlights some of the key issues of concern as well as how citizens' fears could be addressed.
http://www.egovmonitor.com/node/17209 (eGovmonitor – 2/18/08)

Most Mobile Users Don't Know if They Have Security
Security vendor McAfee released the results of a survey of mobile users focused on their awareness of, and concerns about, security threats; it showed that more than three quarters of respondents have no security software at all. The survey was conducted on McAfee's behalf by the analysis firm Datamonitor and released this week, with respondents spread evenly between the U.S., the U.K. and Japan. It found that 79 percent of mobile device users don't use any antivirus or other security software on their devices, while a further 15 percent said they were unsure whether their device had security software.
http://www.internetnews.com/security/article.php/3728001/Most+Mobile+Users+Dont+Know+if+They+Have+Security.htm (Internet News – 2/13/08)

ODDS & ENDS

Internet-Law Expert Weighs House Race
Lawrence Lessig, a Stanford University professor who studies the intersection of law and the Internet, said he is considering a run for an open congressional seat in the San Francisco area. Internet experts said Mr. Lessig's candidacy could have impact beyond the Bay Area, both from his potential to become a strong advocate on Capitol Hill for Web commerce and from his blogging to make the political process more accessible to voters.
http://online.wsj.com/article/SB120354879337281243.html (Wall Street Journal – 2/21/08)

Did Google steal the Sky for its Earth?
A former Google contractor is suing the company for allegedly stealing from him the idea for the Sky layer in Google Earth. The lawsuit, filed this week in federal district court in Atlanta, seeks punitive damages of US$25 million from Google. Jonathan Cobb claims in his suit that he disclosed the idea for Google Sky in internal e-mail discussion groups when he worked at Google as a contractor beginning in 2006. The Google Earth Sky layer, when it launched in August 2007, was similar in interface and functionality to what he had conceptualised, Cobb claims.
http://www.builderau.com.au/news/soa/Did-Google-steal-the-Sky-for-its-Earth-/0,339028227,339286056,00.htm (CNet News – 2/19/08)

Invisible dots left by printers 'breach privacy'
European Union justice watchdogs are concerned that "Big Brother" computer printer technology that allows security agencies to track printed documents might breach privacy laws. Most consumers are unaware that many popular colour laser printers, including those made by Brother, Canon, Xerox and HP, embed almost invisible tracking dots in documents, uniquely identifying the machine that printed them. Franco Frattini, European Commissioner for Justice and Security, has launched an investigation after receiving official complaints from Euro-MPs.
http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2008/02/18/wpriv118.xml (UK Telegraph – 2/19/08)

Public-Safety Interoperability and Digital Cities: What Are the Requirements?
The inaugural Public-Safety Interoperability Roundtable at the 15th W2i Digital Cities Convention in Washington, DC (December 11-12, 2007) provided an early view of emerging policy requirements for interoperable public-safety networks. Ken Boley, Director of Wireless and Public Safety Programs in the Office of the District of Columbia's CTO, moderated the Roundtable. He kicked off the discussion with an update on the National Capital Region's efforts.
http://www.govtech.com/gt/articles/262179?utm_source=newsletter&utm_medium=email&utm_campaign=DC_2008_2_19 (Government Technology – 2/11/08)

ONLINE

College Web site posts sex gossip, hate, rumor
JuicyCampus' endless threads of anonymous innuendo have been a popular Web destination on the seven college campuses where the site launched last fall, including Duke, UCLA and Loyola Marymount. It recently expanded to 50 more, and many of the postings show they've been viewed hundreds and even thousands of times. But JuicyCampus has proved so poisonous that there are signs of a backlash. In campus debates over Internet freedom, students normally take the side of openness and access. This time, however, student leaders, newspaper editorials and posters on the site are fighting back, with some even asking administrators to ban JuicyCampus. It's a kind of plea to save the students, or at least their reputations, from themselves.
http://www.cnn.com/2008/TECH/02/18/juicy.website.ap/index.html (CNN – 2/18/08)

One Friend Facebook Hasn’t Made Yet: Privacy Rights
A co-worker apologized to me recently for being slow on a task. “It’s probably just your insomnia from last night,” I said. She was confused about how I knew, but I reminded her we were Facebook friends, and that she had posted a “status update” about her sleeplessness. It’s a common phenomenon: people “friending” work colleagues on Facebook and then discovering that — as Seinfeld’s George Costanza would melodramatically put it — “worlds collide.” I gained all sorts of insights into another young co-worker when her college friends left reminiscence-filled birthday wishes on her Facebook “wall.”
http://www.nytimes.com/2008/02/18/opinion/18mon4.html?_r=1&ref=opinion&oref=slogin (New York Times – 2/18/08)

Write to Privacy
The author of "The Princess Diaries" has teamed up with the American Library Association to hold events across the country for young people who want to learn more about airing their thoughts in writing the traditional way: with a pen. The lack of privacy among teenagers online is a growing area of concern, and experts say there's a fine line between healthy expression and TMI (too much information). They say posting thoughts online can leave teens overexposed to potential bullies, college admissions officers, predators, or just offended friends and loved ones.
http://www.gadsdentimes.com/article/20080217/NEWS/802170301/1016/NEWS (Associated Press – 2/17/08)

Personal Computing: The Internet, These Days
The latest round of statistics about the Internet presents an intriguing picture of how this international medium is evolving. Some of the stats are as expected, but some are surprising. For help with common problems, more Americans now use the Internet than consult experts or family members, according to the latest Pew Internet Project survey: fully 58 percent of those surveyed use the Internet, compared with 53 percent who turn to professionals such as doctors, lawyers or financial experts and 45 percent who seek out friends and family members. The Pew survey indicated that 77 percent of Americans now have Internet access, with 64 percent having broadband access and 13 percent having slower dial-up access. Those with dial-up access are in general poorer, older and less well educated than those with broadband access, and are more likely to rely on television and radio for information.
http://www.govtech.com/gt/articles/263376?utm_source=newsletter&utm_medium=email&utm_campaign=DC_2008_2_19 (Government Technology – 2/14/08)

Web Browsing, Search, And Online Ads Grow More Risky, Google Says
Web browsing and searching are becoming increasingly risky activities, according to a report published by Google on Tuesday. "In the past few months, more than 1% of all search results contained at least one result that we believe to point to malicious content and the trend seems to be increasing," said Niels Provos, a security engineer at Google (NSDQ: GOOG), in a blog post. Provos said that in the year and a half since Google began tracking malicious Web pages, the company has found more than 3 million unique URLs on more than 180,000 Web sites that attempt to install malware on visitors' computers.
http://www.informationweek.com/news/showArticle.jhtml?articleID=206501894 (Information Week – 2/12/08)

RFID

EU "smart chip" guidelines aim to protect privacy
"Smart" chips embedded in items ranging from pets to retail products would have to be deactivated at the point of sale to protect purchasers' privacy under draft guidelines proposed on Thursday by the European Commission. A public consultation is being launched into the "soft law" guidelines, which EU Information Society and Media Commissioner Viviane Reding hopes will be adopted by the European Union executive and applied in all 27 of the bloc's member states. The guidelines seek to strike a balance between protecting privacy and allowing new technologies to flourish, a Commission spokesman said.
http://www.reuters.com/article/technologyNews/idUSL2181342720080221 (Reuters – 2/21/08)

SECURITY

Researchers Find Way to Steal Encrypted Data
A group led by a Princeton University computer security researcher has developed a simple method to defeat the encryption protecting data stored on computer hard disks. The technique, which could undermine the security software protecting critical data on computers, exploits the fact that DRAM chips retain their contents for seconds to minutes after power is removed, long enough to read the disk encryption keys out of memory, and that chilling a memory chip with a blast of frigid air from a can of dust remover extends that window considerably. Encryption software is widely used by companies and government agencies, notably on portable computers, which are especially susceptible to theft.
http://www.nytimes.com/2008/02/22/technology/22chip.html?ref=business (New York Times – 2/22/08)
Also see:

Disk encryption may not be secure enough, new research finds
http://www.news.com/8301-13578_3-9876060-38.html?tag=nefd.lede (CNet News – 2/21/08)

Research Says Best Info Security Requires Managed Security Services
New research from Aberdeen Group, a Harte-Hanks company, reveals that the organizations with the best information security performance include some managed security services as part of their defense. The new report, "Best Practices in Choosing and Consuming Managed Security Services," provides insight gleaned from close to 200 survey respondents, supplemented with in-depth interviews with veteran consumers of managed security services.
http://securitysolutions.com/news/managed-security-research-0219/ (Security Solutions – 2/19/08)

Securing cyberspace among top technological challenges of 21st century, panel says
A National Academy of Engineering panel of big thinkers, including Google co-founder Larry Page, has identified 14 top technological challenges for this century, and securing cyberspace is among them. "[S]ince we live in an increasingly networked virtual world, cybersecurity is a fundamental engineering challenge," says Rob Socolow, a professor of mechanical and aerospace engineering at Princeton University and a panel member.
http://www.networkworld.com/news/2008/021908-top-technological-challenges.html (Network World – 2/19/08)

The Future of Encryption
In today's world the protection of sensitive data is one of the most critical concerns for organizations and their customers. This, coupled with growing regulatory pressure, is forcing businesses to protect the integrity, privacy and security of critical information. As a result, cryptography is emerging as the foundation for enterprise data security and compliance, and is quickly becoming part of security best practice. Cryptography, once seen as a specialized, esoteric discipline of information security, is finally coming of age.
http://www.net-security.org/article.php?id=1113 (Net Security – 2/18/08)

Replicating virtual servers vulnerable to attack
One of the most attractive features of virtualization, the ability to replicate virtual servers on the fly to meet demand, has a big security downside, ranging from data theft to denial of service, according to a talk scheduled for the Black Hat DC 2008 conference next week in Washington, D.C. When a virtual machine migrates from one physical server to another, it can be subject to a range of attacks, primarily because authentication between the hosts is weak and the migration traffic between them, which carries the guest's memory state, is sent unencrypted, says Jon Oberheide, a Ph.D. candidate at the University of Michigan who will present the briefing.
http://www.networkworld.com/news/2008/021508-replicating-virtual-servers.html (Network World – 2/15/08)

Governance: A Holistic Approach
One of the greatest benefits of adopting a holistic governance, regulation and compliance (GRC) approach is that the process brings otherwise siloed corporate functions together to identify potential governance issues, business risks and compliance challenges. Rather than assembling response teams during a crisis, companies instituting enterprise-wide GRC controls collaborate to identify potential risks in advance.
http://www.ecommercetimes.com/story/Governance-A-Holistic-Approach-61674.html?welcome=1203368273 (E-Commerce Times – 2/14/08)

Executives Reveal Their Top IT Problems in Global IT Governance Survey
Insufficient IT staff availability, service delivery issues, and difficulty proving the value of information technology (IT) continue to plague executives at organizations around the world, according to a new report by the nonprofit, independent IT Governance Institute (ITGI). ITGI commissioned a global survey of 749 CEO-/CIO-level executives in 23 countries to determine executives' IT governance priorities and the IT-related problems their organizations have faced. According to the IT Governance Global Status Report 2008, available as a complimentary download at www.itgi.org, 58 percent of respondents cited an insufficient number of staff, compared with 35 percent in 2005. IT service delivery problems, cited by 48 percent, were the second most common problem, and 38 percent pointed to staff with inadequate skills. Thirty percent of respondents also reported problems anticipating the return on investment (ROI) for IT expenditures.
http://www.businesswire.com/portal/site/google/index.jsp?ndmViewId=news_view&newsId=20080213005009&newsLang=en (Business Wire – 2/13/08)

SAFECode on software assurance
The Software Assurance Forum for Excellence in Code outlines core practices for secure software development. An information technology industry group formed to develop and share best practices for secure software development has released its first paper, outlining the core practices in use at member companies. The Software Assurance Forum for Excellence in Code (SAFECode) was announced in October as a way to improve communication between software companies. Many companies have internal programs to improve the quality of the code they produce, but a lack of communication between them has limited their effectiveness, said former White House cybersecurity adviser Paul Kurtz, executive director of SAFECode.
http://www.gcn.com/online/vol1_no1/45811-1.html (Government Computer News – 2/13/08)

Canadian IT pros see few security best practices
The Canadian Advanced Technology Alliance (CATAAlliance) has identified a lack of IT security best practices as one of the top challenges faced by IT security professionals, according to a new report. CATA partnered with Microsoft Canada to survey 322 IT security professionals across Canada. The primary goal was to determine the security issues that have the greatest impact on IT workers and to learn more about how IT pros perceive the field in which they work.
http://www.itworldcanada.com/a/E-Government/7a067626-c8ed-4e35-8154-3fd33f0cb074.html (IT World Canada – 2/12/08)

Identity Access Management to See Better Integration
Vendors and analysts say customers can expect to see tighter integration across traditional access management, user provisioning and role management offerings. With the identity and access management (IAM) market poised to grow, its expansion may be coupled with better integration and controls around role, entitlement and identity lifecycle management. IAM tools give customers the level of control over, and visibility into, their assets that they need to meet compliance goals, said Joe Anthony, program director of security and compliance management for IBM Tivoli software. The key, though, may be to make IAM just one brick in an overall access strategy: increased integration across security products will make it easier for businesses to address a wider range of challenges in the traditional areas of IAM, he said, as well as in application, infrastructure and data security.
http://www.eweek.com/c/a/Security/Identity-Access-Management-to-See-Better-Integration/ (eWeek.com – 2/12/08)

DNS Inventor Warns of Next Big Threat
It's just a matter of time before a big breach occurs from corrupted DNS resolution, says Paul Mockapetris. The industry is just one multi-million-dollar corporate data breach away from waking up to the serious and often-silent threat of corrupted DNS resolution servers, says DNS inventor Paul Mockapetris. Mockapetris -- who is also chief scientist and chairman of the board for network naming and address vendor Nominum -- says the recent research on corrupted DNS resolution servers by researchers at Georgia Tech and Google demonstrates yet another way the bad guys are attacking DNS to infect users.
http://www.darkreading.com/document.asp?doc_id=145663&f_src=darkreading_informationweek (Dark Reading – 2/11/08)

Mapping out Web apps attacks
Attackers continue to use well-worn techniques, such as SQL injection, to exploit holes in popular Web applications but have also moved on to other targets, including government sites, and newer exploit methods, such as cross-site request forgery, according to the latest report filed by the Web Applications Security Consortium. The nonprofit industry group released the findings of its annual Hacking Incidents Database report this week, and despite the fact that cyber-criminals are still capable of using familiar means like SQL injection to victimize e-commerce sites and other transactional systems, a growing number of assailants are broadening their efforts and capabilities and going after new sets of targets, the research contends.
http://www.infoworld.com/article/08/02/11/Mapping-out-Web-apps-attacks_1.html (InfoWorld – 2/11/08)

Powerful new antiphishing weapon DKIM emerges
Spoofers, spammers and phishers, beware. There's a new gun in town, and some of the Internet's most powerful companies -- including Yahoo, Google, PayPal and AOL -- are brandishing it in the ongoing battle against e-mail fraud. The new weapon is called DKIM, an emerging e-mail authentication standard developed by the Internet Engineering Task Force. DKIM, which stands for DomainKeys Identified Mail, allows an organization to cryptographically sign outgoing e-mail to verify that it sent the message.
http://www.networkworld.com/news/2008/021108-antiphising.html (Network World – 2/11/08)

The world of spyware evolves
The spyware community has polarized, a panel of security experts said Thursday at a Washington workshop hosted by the Anti-Spyware Coalition. Adware distributors, under pressure from the Federal Trade Commission and anti-spyware technology, have mostly quit the business or are going legit. But the really bad players are getting worse, producing more stealthy and sophisticated malware. “Nuisance adware is mostly dead,” said FTC Commissioner Jonathan Leibowitz. Venture capital funding of companies that are paid to deliver annoying pop-up ads to your Web browser is largely a thing of the past, Leibowitz said. He pointed to several successful civil actions against major distributors who have since gone out of business or gone straight.
http://www.gcn.com/online/vol1_no1/45763-1.html (Global Computer News – 1/31/08)


SEMINARS

Politics Online Conference 2008: Focus on Privacy
March 4-5, 2008, Washington, DC
http://polc.ipdi.org/

First Annual Freedom of Information Day Celebration
March 17, 2008, American University Washington College of Law, Washington DC
http://www.wcl.american.edu/secle/founders/2008/031708.cfm

Openthegovernment.org: Government Secrecy: Censoring Your Right to Know
March 19, 2008, National Press Club, DC
http://www.openthegovernment.org/article/subarchive/109

IAPP Privacy Summit
March 26-28, 2008, Washington, D.C.
http://www.privacysummit.org/

Future of the Internet Economy - OECD Ministerial Meeting
June 17-18, 2008, Seoul, Korea
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667_1_1_1_37441,00.html

Conference on Ethics, Technology and Identity
June 18-20, 2008, The Hague
http://www.ethicsandtechnology.eu/ETI

_____________________________________________________________________

PAPERS

Enterprise@Risk: 2007 Privacy & Data Protection Survey (Deloitte)
http://www.deloitte.com/dtt/article/0%2C1002%2Ccid%25253D182733%2C00.html

The Future of Reputation: Gossip, Rumor, and Privacy on the Internet
Daniel J. Solove, Yale University Press, October 2007
http://ssrn.com/abstract=1019177

Ponemon Institute: 2008 National Survey on Access Governance
http://www.aveksa.com/campaign/2008_Survey_on_Access_Gov.cfm

Wireless Security: Past, Present and Future
http://www.codenomicon.com/resources/whitepapers/Codenomicon_Wireless_WP_v1_0.pdf
