Lawmakers are putting their heads together in updating the 1986 anti-hacking law mainly to make it attuned with the present state of online “culture”. The present provisions of the law penalizes even innocent web surfing. But those concerned with its amendment are very cautious because changing the penalties might let cybercriminals off the hook. Updating the Computer Fraud and Abuse Act would be considering the civil liberties of users while seeing to it that violators are found.

The specific part of the law that calls for revision is the power of government to convict users who violate a website’s terms of service agreements. One professor at a law school aired his concern about the present state of the law. He argued that it threatens the civil liberties of Americans who innocently give false information on Facebook and online dating sites.

The professor, in a written testimony, gave some typical examples of how millions of users give false information. A user, he said, could be criminalized for writing in his profile that he goes to the gym every day when in reality, he only goes there once a month. Or, he added, another user who gives false information about his height, weight or age, could be called a criminal. He mentioned that a study suggested that 8 out of 10 users give this type of false information in their profiles. Granting that this is accurate, there are millions of Americans out there who are cybercriminals.

Another employee has found the courage to sue his former employer for violation of privacy. A state training manager was fired for timesheet violations, but filed a lawsuit against the Labor Department through the New York Civil Liberties Union. In his own version, the employee alleged that he was tracked with a GPS device that police placed in his personal car. Describing the action, a NYCLU lawyer called such use of GPS technology as an “unprecedented degree of government intrusion”.

In defense of himself, the employee explained why he felt he was fired from his post. He said that it was more of a punishment for having stood up on behalf of other employees. He said that some employees were pressured to attend a prayer breakfast sponsored by a Governor. The Department of Labor claimed differently, saying that his improper filing of timesheets is what cost him his post.

What has the GPS tracking device to do with the case? To put him under surveillance, the device was used to keep a record of the times he actually did his job. According to allegations, he claimed pay for hours when he was not doing his work. The plan was to track him during his official working hours. What happened was that the monitoring went beyond normal working hours, even going on during evenings and weekends. To aggravate the situation, even the employee’s vacation with his family was monitored.

Internet companies have been in lawmakers sights lately over the treatment of information they gather from their surfers, and how well protected it really is. Essentially, these behavioral advertisers track where you have been and bring you related advertisement. That wouldn’t fly in real life, and people are tired of it happening online.

Lawmakers in the House are taking action. They are writing laws and other new documents that propose to limit the amount of unauthorized snooping that goes on when Internet companies look at your browsing histories. They also wish to educate the public on how they could better protect themselves while online.

While the bill is being debated in congress, there is not enough energy to go all around, with health care and energy conservation taking up most of the floor time. The issue isn’t pigeonholed though, and it will up for consideration next year.

Google, Yahoo, and other search engines and sites to be affected by this bill are a bit torn on where they stand: they want people to have their privacy, but at the same time, they make money through these advertisers.

In Ottawa, Canada, there is a pending bill that proposes to allow police complete access to Internet communications. The police say they need to upgrade, for Internet security, laws haven’t been updated in forever, and the laws need to move with the times.

This proposition would force ISPs (Internet Service Providers) to make it possible for police to access their databanks for any reason to extract data about users and particularly their conversations.

This push for more Internet power from police has been going strong for almost ten years, and the police think it has been long enough. They insist that with the dawn of the new technological age, criminals are hiding and doing their dirty work online, a place where it is tough for them to get caught.

The police have no surveillance teams online, and don’t have the ability to dispatch a monitoring force, and certainly aren’t allowed to see what criminals do online. This needs to change for people’s safety they say. The police promise not to abuse their power, and even use a warrant system as in a real-life search.

TechCrunch (via the WashingtonPost) has recently published an article stating what should be the Digital Bill of Rights to protect consumers. With the Internet age in full-swing, and Election ’08 in the near future, what better time than now to present a plan of action for laws and regulations regarding the Internet? Many laws governing the Internet are quite outdated and can’t keep up with the daily advances in technology…as food for thought: What if laws had never been changed with the inception of modern mail carriers? Imagine the same laws were still completely intact even with the transition from the Pony Express to the modern-day United States Postal Service. Could that work? Could a law regarding the Pony Express still govern the actions of USPS?

Issues such as copyright infringement, net neutrality, and digital privacy are difficult to govern, mainly because they are creations of the modern era of technology. Maybe it is time to dust off the books and create some new laws that can maintain a degree of control and consistency over rapidly expanding technology. Many laws do not protect users’ Internet privacy and allow companies to spy on us and record our information so they can build a profile of our web surfing habits. The Digital Bill of Rights would be a step in the right direction to create updated laws that can protect consumers from ISPs, marketing companies, device manufacturers, and even the government itself.

Presented in the article is the author’s own Digital Bill of Rights, which he asks users to help further refine. Maybe our candidates can use this as a starting point and get the ball rolling in the right direction.

Guardian UK recently published an article updating the information about the E.U./U.S. privacy deal set to make way sometime next year. This deal is intended to help both sides in the war on terrorism. The two agreed in “principle” but still have numerous unresolved issues.

This deal would be a breakthrough, according to the article, for the U.S. since it faces very strict E.U. privacy laws when trying to find information on a suspected terrorist or criminal. Credit card transactions, travel history, and Internet habits are all protected by the E.U. (Look back at this previous post about U.S. and E.U. privacy laws).

While both sides want to get the ball rolling and make this happen, they do recognize that many issues still need to be resolved. Further they are not in a hurry to make something happen at the expense of citizens’ privacy rights. This is especially true with the recent criticisms that have come about from other deals made between the two, especially one where the E.U. gave the U.S. access to private data about passengers traveling to the U.S. A key issue is the misuse of information, which, if happens, will allow E.U. citizens to sue the U.S. under the U.S. privacy act.

Some principles have been agreed on, while others are still being figured out. One of the major principles is that, “information revealing a person’s racial or ethnic origins, political, religious or philosophical views and health or sexual behavior, may not be processed unless domestic legislation provides appropriate safeguards…people should be told about use of their data, which must be supervised by an independent authority.”

Ultimately, I like this idea…assuming the two stay on the right track and continue progress towards ensuring the average Joe is protected. It definitely seems like every intention is being made to protect us…only time will tell how this plays out.

In reviewing MSNBC’s Privacy Lost, we continue with part four of the segment. This segment discusses the Real ID Act and the effect it will have when it goes into effect. At the time of the article it was scheduled to go into effect in 2008, but now has been pushed back to 2011. The article also present something I found very interesting, an interactive chart with high-tech methods for identification and some of the privacy risks associated with each.

The Real ID Act sets up a national ID system by having modern high-tech standards for driver’s licenses and ID cards. The government feels this is the best way to identity people, whether it is at U.S. borders or at the DMV. In addition to the standard information found on an ID card (name, gender, address, birth date, and digital photo), physical security features will be used and will also vary by state. These will be used to prevent fraud and have the ability to be accessed by “machine-readable technology,” which includes RFID chips and other such technology. With the Real ID Act, states are required to verify identities. These records must then stay on file for 10 years with open access to any other state searching for information. In a nutshell, as much information as humanly possible will be retained by your ID and anyone that is able to buy, sell, or hack the information can know way too much about you.

The article continues to discuss other ID management initiatives and the privacy risks associated with them. Some of these include high-tech passports and the Western Hemisphere Travel Initiative, which increased ID requirements when travelling from the U.S. to other countries in the region. All these measures can be used to increase the government’s ability to track us. And to add more fuel to the fire, all these methods will be giving out some sort of signal…which any hacker can intercept and potentially use to gain information.

The third page of the article discusses hackers and even some security experts who have been able to work their magic, so to speak, and turn Real ID into a better method of obtaining personal information. Advocates of Real ID played this off as a “media stunt.” The article finished up by discussing how technology is dynamic, not static so the issues they are trying to thwart are ones from the past.

With today’s continuation of MSNBC’s Privacy Lost, the focus is on the vast difference in privacy rights and laws between the United States and the European Union.

A few examples of the difference in European privacy laws vs U.S. privacy laws include:

• Personal information can’t be collected without permission, and the person has a chance to review their information to make sure it is accurate and up to date
• Companies that process data must be registered with the government
• Employee e-mails cannot be read by employers
• Personal information cannot be shared across borders or companies without permission
• Salespeople at stores can’t ask for a shopper’s phone number

Europeans tend to trust their government more, even though many of these limitations do not apply to them. According to the article, the Netherlands is 130 times more likely to use wiretapping than the U.S. The major different is that the E.U. places many privacy restrictions on the “evil” corporations, while the U.S. lacks trust in their government.

The article continues to point out the significance that privacy laws (well actually the lack of privacy laws in this case) played during the Holocaust when church records were used to persecute Jews. Some theories exist that date the privacy issues back even further in history. The article then continues to point out some recent examples of how the differences in privacy laws became major issues. Europeans choose to use the government, which is there to protect them, when wrongdoings occur…Americans, on the other hand, use the private sector to resolve issues.

The article displays a very useful chart to show the differences between the U.S. and E.U. in various issues including: right to privacy, government snooping, and consumer data collection. From what I see, Americans tend to view privacy as a personal matter that they have a right to defend on their own terms. In contrast, Europeans seem to see privacy as a matter of government and will use that avenue as opposed to actively pursuing ways to protect their privacy. Americans make privacy happen, while Europeans expect it to be there.

While I won’t say that one trumps the other, both the U.S. and the E.U. make valid points to their cause. My reoccuring thought while reading this article was how do two vastly different systems work so well, respectively? Speaking from a U.S. point of view, while many privacy issues exist, I know I can still be protected. It is a difficult subject to approach. Ultimately, both systems are working in their respective ways.