Privacy laws protecting bank account holders are more important than providing information to aid in copyright enforcement, according to a Dutch court ruling this week.

The Dutch ING Bank doesn't have to reveal who has access to a bank account, the number for which is posted on the website FTD World, the Amsterdam district court ruled.

FTD World, at ftdworld.net, is a Usenet-indexing website that lists links to binary files posted on Usenet. It also provides files in the NZB format listing that allows users to download the posted files more easily. By doing this, the site provides access to copyrighted entertainment files including books, movies, music, games, and software without the permission of the copyright holders, according to Dutch anti-piracy foundation Brein.

Brein wanted the court to force ING Bank to reveal who is behind a bank account number posted to the site that is used to receive donations, according to the verdict published by the court on Thursday. It had previously been unable to track down the domain name registrant and had received no reply to a letter sent to the Russian hosting provider.

To read this article in full or to leave a comment, please click here

E-commerce trade group NetChoice takes aim at state legislation—and at open access and privacy advocates—in the newest list of bills it deems would be awful for the Internet.

Topping NetChoice’s latest iAWFUL (Internet Advocates’ Watchlist for Ugly Laws) list are a number of California proposals aimed at protecting privacy that would create regulations for Internet companies. In some cases, the proposals are contradictory: One bill in California would limit website and mobile app privacy policies to 100 words, and a second would require more disclosure in privacy policies.

Another California bill would require advertisers on mobile apps to include privacy policies and to obtain consumer consent before displaying ads in some circumstances.

“States are seen as laboratories of democracy, but [California] is building us a Frankenstein of Internet laws right now,” said Steve DelBianco, executive director of NetChoice, with members including Facebook, Yahoo and eBay.

To read this article in full or to leave a comment, please click here

A day after breaking an almost year-long silence on a medical condition that had affected the way he speaks, Google co-founder Larry Page said Wednesday that people should be more open about their medical histories.

“I just disclosed yesterday my voice issues, I got so many thoughtful emails from people and advice,” he said answering an audience question at the Google I/O developer event in San Francisco. Page said he had originally thought his own medical information should be very private, but the response he got from his blog post caused a rethink.

“At least in my case I feel I should have done it sooner and I’m not sure that answer isn’t true for most people, so I ask why are people so focused on keeping your medical history private?”

Page began skipping public appearances in July last year due to an issue affecting his vocal chords, but at the time didn’t disclose the precise nature of the problem. Google too declined to comment on the matter leading some to question whether CEOs should be more public about their health conditions. The issue has been brought to the forefront in the last couple of years after Apple CEO Steve Jobs battled and ultimately lost a battle with cancer.

To read this article in full or to leave a comment, please click here

Russia on Wednesday took a step toward protecting private data by ratifying the so-called Convention 108, established in 1981 and legally binding in 45 countries.

The convention was set up to safeguard the privacy of private citizens. It comprises rules ensuring that data is processed fairly and through procedures established by law, for a specific purpose; that information is stored for no longer than is required for this purpose; and that individuals have a right to have access, rectify or erase their data.

Signatory states must also set up an independent authority to ensure compliance with data protection principles and to help prevent any abuses.

The decision to implement the convention was sent to the Council of Europe by the Permanent Representative and Ambassador of the Russian Federation to the CoE, Alexander Alekseev. It will enter into force on Sept. 1, making Russia the 46th member of the convention.

To read this article in full or to leave a comment, please click here

An important vote on the future of the European Union’s privacy laws has been delayed again.

On Monday, the civil liberties committee of the European Parliament met to discuss the latest draft of Europe’s Data Protection Regulation. German member of parliament (MEP) Jan Philipp Albrecht, who is charged with steering the legislation through to the final vote, explained that although several meetings have been held and some agreements have been reached, more rounds of discussions are still needed.

Therefore the committee will not be able to vote on the draft on May 29 as planned. Albrecht said he believes that compromises can be adopted with a broad consensus and that a vote is still possible before the summer recess in July.

Ireland, which currently holds the E.U. presidency, is very keen to see a vote at the member state level before the end of its presidency on July 1. However this is only possible after the Parliament as a whole has voted, something it will not do until it has heard from the civil liberties committee.

To read this article in full or to leave a comment, please click here

Some of the proposed changes to Europe’s data protection laws would strip citizens of their privacy rights, a coalition of international civil liberties organizations said Thursday.

The European Parliament is currently considering proposals from the European Commission for a complete overhaul of the E.U.’s data protection laws. The original laws date from 1995, the pre-Internet age, and are arguably in great need of an update.

However, the debate about how to update them has been intense. Creating one regulation to replace national data protection and privacy laws in the 27 E.U. countries obviously requires compromise, but many parliamentarians report never seeing lobbying on such a scale before. In an effort to reach some sort of consensus, more than 4,000 changes to the draft text have been proposed.

The civil liberties coalition, which includes Access, Bits of Freedom, EDRI, La Quadrature du Net and Privacy International, has set up a website, nakedcitizens.eu, to help concerned citizens contact their representatives in the Parliament.

To read this article in full or to leave a comment, please click here

A U.S. Senate committee has approved legislation that would give more privacy protection from government surveillance for data stored in the cloud.

The Senate Judiciary Committee, in a voice vote Thursday, approved the Electronic Communications Privacy Act (ECPA) Amendments Act, a bill that would amend a 27-year-old law that governs law enforcement access to electronic records. The bill would require law enforcement agencies to get a court-ordered warrant, with police showing probable cause of a crime, before getting access to suspects’ electronic records stored for longer than 180 days.

Several tech groups cheered the committee’s decision to approve the bill and send it to the full Senate for a vote, although some law enforcement groups raised concerns that the changes to ECPA could compromise investigations. The changes could hamper the U.S. Securities and Exchange Commission’s efforts to investigate financial fraud, SEC Chairwoman Mary Jo White said in a letter to the committee.

Despite some concerns about the bill, a “growing mistrust of government” is driving public opinion, said Senator Chuck Grassley, an Iowa Republican. Voters are concerned that “the government is snooping through emails and online communication at will,” he added.

To read this article in full or to leave a comment, please click here

Update: On Thursday, US News reported that CISPA "will almost certainly be shelved," citing comments made by an unnamed representative of the U.S. Senate Committee on Commerce, Science and Transportation. US News also quoted Michelle Richardson, legislative counsel with the ACLU, who said, "I think it's dead for now. CISPA is too controversial, it's too expansive, it's just not the same sort of program contemplated by the Senate last year." Richardson estimates it could take several months for new legislation to come to a vote.

Cybersecurity and online privacy are two critical interests that seem destined never to get along. Sure, you want malicious hackers, spammers, and other Internet lowlifes brought to justice—but you also want to protect your online data.

A big part of cybercrime-fighting, however, demands gathering a haystack’s worth of aggregated online data and scanning it for an elusive needle of suspicious activity. Your online data could be swept into one of these piles and scanned. What happens to it along the way is anyone’s guess.

That’s why you’ll want to keep an eye on the Cyber Intelligence Sharing and Protection Act (CISPA), which passed the U.S. House of Representatives last week and is now being considered by the Senate, where it’s currently in committee. CISPA aims to loosen restrictions that currently govern the sharing of data among cybersecurity investigators. That may sound reasonable enough, but the controversy arises over how the data is handled—specifically, how it’s shared, and how personally identifiable information (PII) is minimized.

To read this article in full or to leave a comment, please click here

European Union politicians are at loggerheads following a vote in the European Parliament on Wednesday that rejected proposals to store and share information on airline passengers.

The Parliament’s civil liberties committee voted against plans to share between E.U. countries the PNR (passenger name register) data of airline passengers, including their name, contact details, payment data, itinerary, email and phone numbers.

PNR data is collected by airlines and a current agreement with the U.S. uses information on passengers traveling between Europe and the U.S. to target, identify and prevent potential terrorists and terrorist weapons from entering the U.S. The European Commission had proposed a similar scheme for passengers traveling within the E.U.

Dutch Members of the European Parliament (MEPs) Sophie In’t Veld and Jan Philipp Albrecht both welcomed the vote, saying that politicians had put the basic rights of citizens and the rule of law first.

To read this article in full or to leave a comment, please click here

The U.S. online advertising industry has not lived up to a promise to stop the online tracking of Internet users who ask advertisers to do so, a senior U.S. senator said Wednesday.

Senator John “Jay” Rockefeller, a West Virginia Democrat, blasted the online advertising industry for not meeting its promised deadline to implement a do-not-track program by the end of 2012. The Digital Advertising Alliance, a coalition of online advertising groups, committed in February 2012 to honor do-not-track requests by the end of the year, but advertisers and data brokers appear to be “dragging their feet,” Rockefeller said during a Senate Commerce, Science and Transportation Committee hearing.

Consumers are still waiting for a do-not-track system that works across the Internet, said Rockefeller, the committee chairman.

“I personally have long expressed skepticism about the ability, or the willingness, of companies to regulate themselves on behalf of consumers when it effects their bottom line,” said Rockefeller, sponsor of a bill that would create do-not-track regulations. “I do not believe that companies with business models based upon the collection and monetization of personal information will voluntarily stop these practices if it negatively affects their profit margins.”

To read this article in full or to leave a comment, please click here

Microsoft has launched yet another privacy awareness campaign, but this time around, the company decided to focus more on its own privacy right-doings rather than Google's alleged wrongdoings. Declaring “ your privacy is our priority,” the campaign runs online, in print, and on TV, billing Microsoft as the “good guy” of online privacy and offering educational resources for those who want to better control what they share online.

In a blog post introducing the campaign, Microsoft quoted a consumer survey that found 85 percent of Americans are concerned about their online privacy, but "far fewer" take action. Ryan Gavin, Windows general manager, said, “While we don’t pretend to have all of the answers, we do want to help raise awareness for how you can have greater choice and control as you browse the web.”

The first video spot boasts about Internet Explorer's privacy protection features—including the fact that Do Not Track protection against advertising cookies is enabled by default—as part of the company’s efforts to better help you safeguard your privacy online.

To read this article in full or to leave a comment, please click here

Google must pay a $190,000 (€145,000) fine in Germany for gathering and storing emails, photos, passwords, and chat protocols from unprotected Wi-Fi networks with Google Street View cars, Hamburg's Commissioner for Data Protection and Freedom of Information said on Monday.

Google's Street View cars collected data from Wi-Fi networks such as SSIDs (service set identifiers), MAC addresses and personal payload data beginning in 2008, the company said in 2010. That admission prompted a German lawyer to request that the public prosecutor in Hamburg start a formal criminal investigation into Google's practices.

However, in November 2012, two years and nine months later, the prosecutor's office decided not to pursue a criminal investigation into the matter because it was unable to find any violation of German criminal standards, it said at the time.

After that, Hamburg Data Protection Commissioner Johannes Caspar decided to reopen regulatory offense proceedings.

To read this article in full or to leave a comment, please click here

Hacking group Anonymous asked websites to black out their front pages on Monday, in protest against legislation in the U.S. that would allow online companies and government agencies to more easily share personal information.

The protest against the Cyber Intelligence Sharing and Protection Act (CISPA), meant to start from 6 a.m. GMT, appeared to have little traction early. Anonymous-related accounts called for action on Twitter using the hashtag "#CISPABlackout" and a spattering of minor sites blocked access, including the popular "Funny" category on Reddit.

CISPA is meant to encourage better sharing of information during active cyberattacks. It allows U.S. intelligence agencies to share classified data on cyberthreats with private firms, something that is currently prohibited. It also protects firms that voluntary share cyberthreat information with other firms or the government from privacy lawsuits by users.

Critics say it would allow private companies to share a broad range of customer data with each other and the government. Privacy advocates have also pointed out that it doesn't require such companies to scrub unnecessary customer information from what is shared. The bill was approved last week in the U.S. House of Representatives, though it must still be passed by the Senate, and advisors to President Barack Obama have promised a veto.

To read this article in full or to leave a comment, please click here

Google, Bing, and Yahoo are bitter rivals in their quest for your search engine affection, but they have at least one thing in common: They track your search history and tailor the results of your queries to your interests. Yes, they’re attempting to improve your search experience, but that sort of surveillance is anathema to privacy enthusiasts and anyone who doesn’t want to be stuck in an echo chamber of their own interests. DuckDuckGo is a different kind of search engine, designed to capitalize on the big shots’ poor privacy practices by offering an alternative that’s simple and anonymous.

Private searching made simple

At the DuckDuckGo site, just type your query and click the green magnifying-glass search button. DuckDuckGo employs HTTPS encryption and will not include your search query when it builds links to websites, so the sites you visit won’t know what terms you used to find them. DuckDuckGo also refrains from logging your queries and doesn’t tailor results based on your browsing history, so you’re guaranteed to get unfiltered access to the Web.

If your search results don’t pop up quite as quickly as they do on Google, that’s because DuckDuckGo isn’t just checking your query against its own database (carefully collected by the DuckDuckBot Web crawler)—it’s simultaneously running your search across Google, Bing, Yahoo, and more than 30 other search engines. DuckDuckGo will also check against Wikipedia, Wolfram ­Alpha, and other knowledge engines to try to create short summaries, called “0-click boxes,” that answer your query so that you don’t have to click through.

If you don’t want to wait, you can switch off 0-click boxes in the Results section of the DuckDuckGo Settings menu. While you’re there, consider turning on the integrated Web of Trust ratings for your search results, which will cause DuckDuckGo to display color coding to help you gauge whether the link is safe to click: green is all clear, yellow suggests caution, and red signals danger. Web of Trust ratings are crowdsourced from millions of volunteers who rate sites’ trustworthiness in handling user data. Although Web of Trust is available via free add-ons for almost every browser, DuckDuckGo is the first search engine to display WoT reputation data alongside each search result.

To read this article in full or to leave a comment, please click here

The U.S. House of Representatives moved closer Wednesday toward the passage of the Cyber Intelligence Sharing and Protection Act (CISPA), despite concerns that the cyberthreat information-sharing bill will allow Web-based companies to share a wide amount of customer information with government agencies.

The House on Wednesday debated several amendments to the bill, some of them minor changes related to what groups government agencies can share cyberthreat information with. The House, in a 227-192 vote Wednesday, rejected efforts by some Democrats to allow additional amendments to overhaul privacy protections in the bill.

The House is scheduled to continue debate on amendments and vote on CISPA Thursday. The bill is likely to pass in the House, even though President Barack Obama has threatened a veto over privacy concerns.

The bill is a backdoor attack on the U.S. Constitution’s fourth amendment prohibiting unreasonable searches, said Representative Jared Polis, a Colorado Democrat. “This is the biggest government takeover of personal information that I’ve seen during my time here in Congress,” he said.

To read this article in full or to leave a comment, please click here

The chief sponsor of the Cyber Intelligence Sharing and Protection Act (CISPA) in the U.S. Congress has ignited a Twitter storm by suggesting many opponents of the proposed cyberthreat sharing bill are 14-year-olds in basements.

The Twitter account for Representative Mike Rogers, a Michigan Republican, has received thousands of tweets from opponents of the bill since late Tuesday after he said that “if you’re a 14-year-old tweeter in the basement” you don’t understand why Congress needs to pass CISPA. The full U.S. House of Representatives is scheduled to begin debate on the controversial bill Wednesday.

Privacy and digital rights groups have objected to the bill, saying it would allow ISPs, email service providers and other businesses to share a wide range of customer information they believe is related to cyberthreats with the U.S. National Security Agency and other government agencies. CISPA would protect businesses sharing cyberthreat information from being sued by customers.

Several websites, including tech policy blog Techdirt picked up on Rogers’ comments, made during debate Tuesday in the House Rules Committee over what amendments should be allowed on the House floor. The comments are included in a short YouTube clip posted by digital rights activist Sina Khanifar.

To read this article in full or to leave a comment, please click here

Three Google executives are heading back to court in Italy, where the prosecutor has appealed their acquittal on charges of allowing a video to be posted in breach of Italy’s privacy laws, one of the Google execs involved said on Wednesday.

Google’s Senior Vice President David Drummond, Chief Legal Officer Peter Fleischer and Chief Privacy Counsel George Reyes were initially handed six-month suspended prison sentences by a Milan court in 2010 for allowing the video showing the bullying of a handicapped student to be posted to Google Video. However, in December the sentence was overturned by the Milan appeals court. The appeals court also upheld the lower court’s decision to acquit the executives of defamation and confirmed the acquittal on that charge of the former head of Google Video Europe.

But the case is case is not over yet. The Italian prosecutor last week decided to appeal the case with the Italian Court of Cassation, the highest court in the judicial system, said Fleischer in a post on his personal blog.

The Italian prosecutor is arguing that employees like Fleischer can be held criminally responsible for user-uploaded videos, Fleischer said, adding that he had no knowledge of the video at issue, and nothing to do with it. The prosecutor also asserts that platforms like YouTube should be responsible for prescreening user-uploaded content and obtaining the consent of people shown in user-uploaded videos, Fleischer said.

To read this article in full or to leave a comment, please click here

The Cyber Intelligence Sharing and Protection Act (CISPA), a controversial cyberthreat information-sharing bill, will be debated on the floor of the U.S. House of Representatives this week, despite continued opposition from some privacy and digital rights advocates.

The House will begin debate on the bill Wednesday at about 10 a.m. Debate will continue into Thursday, when a vote on the legislation is expected, according to the House Intelligence Committee. The committee voted 18-2 last Wednesday to approve the amended bill and send it to the House floor.

CISPA would allow private companies, including Internet service providers, banks and e-commerce sites, to share a wide range of customer information they believe is related to cyberthreats with U.S. agencies like the National Security Agency and the Department of Homeland Security.

The bill would give those businesses protections from lawsuits for sharing customer information, but it does not require companies to make reasonable efforts to remove unrelated private information from the cyberthreat information they share.

To read this article in full or to leave a comment, please click here

Facebook is teaming up with the nation’s attorneys general to launch a public awareness campaign aimed at keeping young people safer on the site.

The effort, which includes public service announcements and other informational resources, comes as the social network faces mounting pressure both to better educate teenagers on how to keep certain content private, and to stay relevant to them at the same time.

Facebook, which now boasts more than 1 billion monthly active users worldwide, “has hit mass market appeal, and that appeal means the young, hip crowd needs more of a reason to stay,” said Jeremiah Owyang, an analyst with the Altimeter Group.

Also, as the site continues to roll out more advanced features such as its new Graph Search social search tool, and more ways to share, it’s becoming harder and harder to figure out how to manage one’s privacy settings, Owyang said.

To read this article in full or to leave a comment, please click here

The Internal Revenue Service has taken the position it does not need a search warrant to gather email in criminal investigations, despite opposition from lawmakers and privacy advocates and a ruling by a federal appellate court.

Through the Freedom of Information Act, the American Civil Liberties Union obtained 247 pages of IRS records in an attempt to find out whether the agency had ever used only a subpoena to obtain emails. Unlike a warrant, a subpoena does not require law enforcement to show "probable cause" in front of a judge. Probable cause refers to having enough evidence to show that a crime has likely been committed.

Though inconclusive in what the ACLU was looking for, the records show that the IRS has taken the position at least since October 2011 that only a subpoena is needed to obtain emails more than 180 days old, as described in the 1986 Electronic Communications Privacy Act. That position was outlined in a memo written by William Spatz, a senior counsel of the IRS. It is also written in the agency's current manual of policies and procedures.

"Through their documents, [the IRS seems] to take the position that the Fourth Amendment has nothing to say about their access to people's emails," Nathan Wessler, a staff attorney for the ACLU in Washington, D.C., said on Thursday.

To read this article in full or to leave a comment, please click here

A U.S. House of Representatives committee failed to make the changes necessary to allay fears about government surveillance in a controversial cyberthreat sharing bill that’s moving toward a House vote, critics said.

The House Intelligence Committee, in voting 18-2 Wednesday to approve the Cyber Intelligence Sharing and Protection Act (CISPA), did not address concerns that the bill would allow private companies to share too much customer information with government agencies in the name of fighting cyberattacks, digital rights groups said.

Committee leaders expect the full House to vote on CISPA as soon as next week.

“Cyberhackers from nation-states like China, Russia, and Iran are infiltrating American cyber networks, stealing billions of dollars a year in intellectual property, and undermining the technological innovation at the heart of America’s economy,” Committee Chairman Mike Rogers, a Michigan Republican and cosponsor of the bill, said in a statement. “This bill takes a solid step toward helping American businesses protect their networks from these cyber looters.”

To read this article in full or to leave a comment, please click here

Mobile app developers face a huge challenge in keeping up with the fast-changing landscape of data privacy law. They got some tips Wednesday at a conference devoted to the topic in San Francisco.

The services mobile apps provide, which often draw on location, contact lists and other personal data, are raising more and more questions about how appropriately that data is collected and used. Developers are having to ask themselves: Should I notify people when I collect data? Are certain things off limits legally? Am I protected if I tell my users what data I’m collecting? If so, where should I tell them that?

Those questions and others were debated during a conference on mobile app privacy at the University of California’s Hastings College of Law in San Francisco.

“Consumers want convenience, social tools and relevance,” said Kevin Trilli, vice president of product at San Francisco-based TRUSTe, which works to help companies safely collect and use customer data. “And privacy is hot now because of the data and behavior interaction that enables these apps,” he said.

To read this article in full or to leave a comment, please click here

The wealth of personal data that mobile apps collect on their users needs to be conspicuously stated to consumers or developers could face legal heat, California attorney general Kamala D. Harris said Wednesday.

Rather than resorting to subpoenas and enforcement actions, the California attorney general’s office is in the midst of a crusade of sorts built around encouraging app developers, and Internet services firms in general, to become compliant with state privacy laws on their own accord.

Last year, for instance, the office reached an agreement with a number of major tech companies, including Facebook and Google, to make the privacy policies for those companies’ mobile apps available to consumers in the Apple App Store and Google Play Store before the download process rather than after. The idea is to encourage technology companies that have access to users’ personal identifiable information such as geolocation and contact lists to better inform consumers how that information is used so consumers can make better decisions about using the app in the first place.

California has some of the strongest privacy laws in the country and is often seen as a bellwether for how other states nationwide will grapple with the ongoing issues surrounding consumer privacy and mobile apps. Striking the right balance between innovation and protecting users’ privacy, therefore, is an issue high on Harris’ agenda.

To read this article in full or to leave a comment, please click here

Improving users’ experiences is no justification for using consumer information in big data projects, according to Europe’s top data protection officials.

The Article 29 Working Group, which includes the data protection supervisors from the European Union’s 27 member states, said that consumers’ “specific, explicit consent” is almost always required if companies want to use their information in big data projects.

In an opinion document adopted last week, the group stated that “vague or general purposes” such as “improved user experience”, “marketing”, “IT security” or “future research” are not, on their own, sufficiently specific enough to gain consent.

The newly published 70-page document sets out the rules that organizations must abide by if they want to use consumer data.

To read this article in full or to leave a comment, please click here

Mobile phone apps are accessing users’ private data and transmitting it to remote servers far more than appears strictly necessary, while users have inadequate tools to monitor or control such access, according to a new study by two French government agencies.

The French National Commission on Computing and Liberty (CNIL) studied the behavior of 189 apps on six iPhones equipped with monitoring software and analysis tools developed by the French National Institute for Research in Computer Science and Control (INRIA). The goal was to improve general understanding of the way apps use private data, not to point the finger at particular developers, CNIL President Isabelle Falque-Pierrotin said Tuesday at a news conference to present the research.

Rather than study apps in laboratory conditions, CNIL took a real-world approach, asking six volunteers to put their own SIM cards in the phones and use them as they would their own between mid-October and mid-January. One volunteer downloaded almost 100 apps, and one added just five to those installed by Apple.

One in 12 of the apps accessed the address book, and almost one in three accessed location information. On average, the users had their location tracked 76 times a day during the study. Foursquare and Apple’s own Maps app requested location information the most often — perhaps understandable given their purpose—with AroundMe and Apple’s Camera app close behind.

To read this article in full or to leave a comment, please click here

A privacy watchdog has filed a lawsuit contending the Federal Bureau of Investigation has failed to provide requested technical information about a biometric identification database expected to be the largest in the world.

The Electronic Privacy Information Center (EPIC), a nonprofit organization based in Washington, alleges the FBI failed to disclose documents after it filed two Freedom of Information Act (FOIA) requests in September 2012.

EPIC sought information on the FBI’s “Next Generation Identification” program, which will amass biometric information on mostly U.S. citizens from local, state and federal law enforcement agencies, including palm prints and iris scans. New York City’s police department began collecting iris scans in 2010 of people who were arrested.

According to the FBI, a multi-million dollar contract was awarded to Lockheed Martin Transportation and Security Solutions to develop the system. When completed, it is expected to be the largest biometric database in the world, according to EPIC’s lawsuit.

To read this article in full or to leave a comment, please click here