digital rights, online privacy and the law

On November 24, the European Parliament established new Internet policies, including a right to Internet access, net neutrality obligations, and strengthened consumer protections. Under the ePrivacy directive, communications service providers will also be required to notify consumers of security breaches, persistent identifiers (“cookies”) will become opt-in, there will be enhanced penalties for spammers, and national data protection agencies will receive new enforcement powers. The amended directive takes effect with publication on December 18 in the EU Official Journal. Member states then have 18 months to transpose the Directive into national law. See EPIC Privacy Law Sourcebook.

The European Network and Information Security Agency has released a new report on Cloud Computing. The ENISA report recommends that European officials determine the application of data protection laws to cloud computing services. The report also considers whether personal data may be transferred to countries lacking adequate privacy protection, whether customers should be notified of data breaches, and rules concerning law enforcement access to private data. Earlier this year, EPIC filed a complaint with the Federal Trade Commission, urging the Commission to examine the adequacy of privacy safeguards for cloud computing services. A subsequent letter by computer researchers, addressed to Google CEO Eric Schmidt, raised similar concerns. See EPIC Cloud Computing.

Today, EPIC filed a Freedom of Information Act appeal, seeking disclosure of NPSD 54, the classified Directive that describes a National Security Agency program to monitor American computer networks. EPIC submitted the original request to shed light on the extent of the federal government’s surveillance of civilian computer systems, but the agency refused to disclose the document. EPIC’s appeal warns that the NSA’s improper withholding of the Directive “flatly contravenes” the President’s policy on open government and “explicit FOIA guidance promulgated by the Attorney General.” EPIC further stated that, without public disclosure of the Directive, “the government cannot meaningfully make assurances about the adequacy of privacy and civil liberties safeguards.” For more information, see EPIC Open Government.

Today, the Department of Homeland Security proposed to make permanent Global Entry, a program the agency says will “streamline the international arrivals and admission process at airports for trusted travelers through biometric identification.” Under the proposed system, pre-registered international travelers can bypass conventional security lines by scanning their passports and fingerprints at a kiosk, answering customs declaration questions, and then presenting a receipt to Customs officials. The DHS announcement follows the recent news that Clear, a Registered Traveler program, had entered bankruptcy, raising questions about the possible sale of the biometric database that was created. In 2005, EPIC testified before Congress that the absence of Privacy Act safeguards for Registered Traveler programs would jeopardize air traveler privacy and security. The agency is taking comments on the proposal. For more information, see EPIC Air Travel Privacy, EPIC Biometric Identifiers, EPIC Automated Targeting System, and EPIC Whole Body Imaging.

Officials from the United States and the European Union are meeting in Washington this week to review “Safe Harbor,” a framework that allows the processing of data on EU citizens by US firms without traditional legal protections. Safe Harbor has been challenged by the European Parliament and questioned by academic experts. The Federal Trade Commission recently took action against US firms that incorrectly claimed current Safe Harbor certification, but the only penalty imposed was that the companies may not in the future misrepresent membership in any privacy, security, or other compliance program.

The often-spoofed, color-coded Homeland Security Advisory System may get an overhaul – moving from five colors to three in a bid to win the public trust.

The nation has been at Yellow, “an elevated significant risk of terrorist attacks” for three years. International and domestic flights have been at an Orange “high risk of terrorist attacks” for the same period.

A proposal by the Homeland Security Advisory Council, unveiled late Tuesday, recommends removing two of the five colors, with a standard state of affairs being a “guarded” Yellow. The Green “low risk of terrorist attacks” might get removed altogether, meaning stay prepared for your morning subway commute to turn deadly at any moment.

The Threat Level advisory system was set up in 2002 in the wake of the 2001 terror attacks and has changed 17 times — the last in 2006. It has never been lowered to Green “low risk of terrorist attacks” or the Blue “general risk of terrorist attacks.”

“There is currently indifference to the public Homeland Security Advisory System and, at worst, there is a disturbing lack of public confidence in the system,” the council wrote Janet Napolitano, the Homeland Security secretary.

The 19-member panel’s recommendations are not binding. Panel membership ranges from Miami Mayor Manny Diaz to Joe Shirley, president of the Navajo Nation. Some members supported scrapping the color-coded system.

But the group said the public should feel confident in a new three-color rating system because, “for reasons of public credibility,” the scale won’t be politicized and instead the government “should elevate the threat status only when compelled to do so in the interest of public safety and security.”

That statement comes two weeks after Tom Ridge, the former Homeland Security secretary, wrote in a new book, The Test of Our Times, that former Defense Secretary Donald Rumsfeld and former Attorney General John Ashcroft unsuccessfully lobbied him to raise the threat level days before the 2004 elections, in a bid to seal President George W. Bush’s re-election.

“Ashcroft strongly urged an increase in the threat level, and was supported by Rumsfeld,” Ridge writes. “There was absolutely no support for that position within our department. None. I wondered, ‘Is this about security or politics?’”

The new system, if approved by the agency, would consist solely of Yellow, Orange and Red.

Here are the new meanings:

  • Yellow = Guarded – “A constant state of vigilance to protect against a terrorist attack.”
  • Orange = Elevated – “Increased protective measures based on specific threat information regarding a known or suspected terrorist plot.”
  • Red = High Alert – “Maximum protective measures to protect against an imminent or ongoing terrorist attack.”

Don’t forget to stock up on duct tape.

Original article at Threat Level
