2006 Privacy Year in Review

Both CNet and EPIC have released their Privacy Year in Review for 2006.

Some highlights from CNet’s 2006: A privacy and surveillance year in review:

Gonzales: NSA may tap ‘ordinary’ Americans’ e-mail (February 6, 2006): During Senate hearing, attorney general declines to offer reassurances about a secret surveillance program.

Judge: Google must give feds limited access to records (March 17, 2006): Privacy-aware ruling says search giant must turn over a swath of indexed URLs–but not users’ queries.

Appeals court upholds Net-wiretapping rules (June 9, 2006): Bush administration’s Net surveillance plans receive boost from appeals court, which refused to overturn rules.

Feds appeal loss in NSA wiretap case (July 31, 2006): Bush administration asks the 9th Circuit to halt a lawsuit that accuses AT&T of illegally opening its network to the NSA.

AOL’s disturbing glimpse into users’ lives (August 7, 2006): Release of three-month search histories of about 650,000 users provides rare glimpse into their private lives.

RFID passports arrive for Americans (August 14, 2006): State Department to begin handing out RFID-equipped passports despite lingering security, privacy concerns.

FBI director wants ISPs to track users (October 17, 2006): Robert Mueller becomes latest Bush administration official to call for ISPs to store customers’ data.

FBI taps cell phone mic as eavesdropping tool (December 1, 2006): Agency used novel surveillance technique on alleged Mafioso: activating his cell phone’s microphone and then just listening.

And EPIC’s Top 10 Privacy Stories of 2006:

Millions of Military Records Go Missing: In 2006, a stolen laptop with the records of 27 million American veterans and active duty military personnel gripped the nation and produced Congressional hearings, new legislation, and new policies for government employees who take their work home with them. Veterans Affairs Secretary Jim Nicholson tried to explain to Congress why it took almost two weeks before he was notified about the missing data which included information on 1.1 million active service members, 430,000 National Guardsmen, 645,000 Reserve members and the names, birth dates and Social Security numbers of about 26 million people, most of them veterans.

Identity Theft Keeps Top Spot: The Federal Trade Commission once again found identity theft leading the list of the Top 10 consumer complaints, accounting for 255,000 of the 686,000 complaints filed with the agency. That is the sixth year in a row that identity theft topped the list. The FTC also found an increase in child ID theft, wire transfer payment fraud, and that Internet-related complaints accounted for 46 percent of all fraud complaints.

NSA Domestic Spying: Last year, news reports revealed that President Bush secretly issued an executive order in 2002 authorizing the National Security Agency to conduct warrantless surveillance of international telephone and Internet communications on American soil. In May, USA Today reported that US telephone companies turned over records on millions of American citizens to the government without any judicial oversight. Then in August a federal judge ruled that the government’s warrantless wiretapping program is unconstitutional. Judge Anna Diggs Taylor said the program violates the rights to free speech and privacy as well as separation of powers. Recent release of Pentagon documents shows that counterterrorism resources were used to monitor American peace groups opposed to the war in Iraq and military recruitment.

H-P Spy Scandal: We hate to admit it, but the Hewlett-Packard spy scandal was one of the top privacy stories of the year. Who would have imagined that the directors of Silicon Valley’s high-tech icon would send private investigators to dig into the telephone records of board members and journalists? Still, we wonder if government agents sifting through the phone records of millions of American citizens without judicial oversight would have provided a better reason to hold primetime Congressional hearings.

Choicepoint Gets Privacy Religion: In 2005 the data broker and former recipient of a Big Brother Award was caught selling personal information about 185,000 American consumers to a criminal ring engaged in identity theft. In 2006, the company was hit with a $15 million fine, the largest penalty in Federal Trade Commission history. Then Choicepoint went on a privacy campaign, providing consumers with rights to access certain records and cutting back on some of its more egregious business practices.

Passenger Profiling and Terrorist Scoring: Congress suspended the Secure Flight program after significant privacy and security risks were uncovered. Meanwhile, the Department of Homeland Security revealed that a “risk assessment” program, which is essentially a terrorist risk rating, was expanded from screening shipping cargo to scrutinizing travelers. The Automated Targeting System mines a vast amount of data to create a “risk assessment” on hundreds of millions of people per year, a label that will follow them for the rest of their lives, as the data will be retained for 40 years. According to a report by the Government Accountability Office more than 30,000 travelers have already been mistakenly linked to names on terror watch lists when they crossed the border, boarded commercial airliners or were stopped for traffic violations.

Digital Strip Searches: Sky Harbor International Airport located in Phoenix is slated to be the first US airport to field test a new “backscatter X-ray” system. The screening machines, which were supposed to be operational by mid-December, have already been plagued with technical difficulties that have delayed the testing period until sometime in 2007. The backscatter machines produce photo-quality images of metal, plastic and organic materials underneath clothes by using low-radiation X-rays, which reveal not only prohibited items but also medical details such as prosthetic devices and old injuries. The fact that the machines are designed to record and store images has largely escaped notice by the mainstream media.

Europeans Battle US Over Privacy: Tension over data sharing between Europe and the US was highlighted in disputes over the transfer of European financial records and European travel records to the US government. European privacy officials concluded that SWIFT violated data protection laws when it secretly transferred records of millions of private financial transactions to American intelligence agencies. The European Court of Justice struck down the passenger name record deal that allowed the transfer of personal information on European travelers to the US government.

Congress Passes Phone Pretexting Bill: Last summer, Hewlett-Packard’s use of pretextng to investigate directors and journalists sparked renewed Congressional interest in the technique to obtain personal information by fraudulent means. So Congress passed the Law Enforcement and Phone Privacy Protection Act, which creates federal criminal penalties for pretexters who access telephone records – including voice-over-IP calling records. However, the bill only applies to phone records, and it provides an exemption for law enforcement, which means that law enforcement officials can bypass the judicial subpoena process and use false and fraudulent representations to gain access to the telephone records.

National ID Cards: Last year’s passage of the Real ID Act has resulted in much criticism from individual states, who will now bear the cost of meeting the federal government’s standard for issuing state driver’s licenses and identification cards. States have also noticed that the records retention and information sharing requirements of Real ID could trump the Drivers Privacy Protection Act. With less than 18 months to go before the deadline for state compliance, the Department of Homeland Security has still not released the Real ID Act Regulations.