Wednesday, January 28, 2009

Groups push for health IT privacy safeguards

When the subject of digitizing medical records comes up - and there are privacy advocates in the vicinity - you're in for a complex discussion with few easy answers. Where there's no debate is whether transitioning to digitized records will help save money and improve health care...this is a certainty.

What remains contentious - and rightly so - is the intrinsic threat a massive electronic database containing all of our most personal medical records poses to our privacy. The fact is there are benefits and pitfalls to such a plan. And being that this digital transition is a key component to both President Obama's health plan AND his economic stimulus package, this debate has just been pushed to the forefront of the ongoing privacy debate.

The places I go to get all the facts I could ever need on this subject, and numerous others related to privacy protection are The Privacy Rights Clearinghouse and the World Privacy Forum.

The Privacy Rights Clearinghouse nails the current challenge and debate:

Certainly, access to electronic records would have greatly assisted emergency health teams in the aftermath of Hurricane Katrina in August 2005. And most individuals can easily envision the benefits to hospital emergency rooms when assisting unconscious patients. But the challenges regarding security and confidentiality are profound.

...

These types of aggregated electronic health records pose a number of concerns:

The custodian of the records may not necessarily be a "covered entity" under the HIPAA privacy rule. HIPAA only applies to health care providers, health plans, and health care clearinghouses. Therefore, it is possible that consumers may not have any privacy rights under the HIPAA law if they utilize a service that electronically aggregates medical records.

The Web site operator could become subject to judicial process and can be served with a subpoena for your personal medical records. This greatly facilitates the ability of both government entities and civil litigants to go on fishing expeditions for your medical records.

The Web site's privacy policy can be changed at any time. This could, for example, subject consumers to targeted advertising based upon their medical conditions.

And in testimony to Congress, Pam Dixon of the World Privacy Forum brought up the growing problem of Medical Identity theft that any Health IT plan must adequately protect against:

And a final note: it is important to take the growing crime of medical identity theft into account. This is a crime where an identity thief may intentionally alter or inadvertently cause to be altered a victim’s medical file so that the file reflects diseases or a medical history that the victim does not have. It is nightmarish that a patient’s medical chart may include information about someone who has stolen the patient’s identity for the purposes of using the victim’s insurance or for dodging medical bills. However, this crime is already occurring and the accuracy of patient medical files is already being impacted. Medical identity theft is an unfortunate reality that must be dealt with sooner rather than later. A better and broader amendment rule will serve to protect privacy and reduce medical errors in this context, one that is in sore need of being addressed.

Pam also notes the inevitability of such a transition...making the need to protect patient privacy that much more paramount:

It is perfectly apparent that health care record keeping will be increasingly automated and networked in the future. This prospect, especially increased networking, means that the risks of improper access to and disclosure of records will increase in the future. If we are to find a way to continue to protect patients, then we must find a way to control improper uses and disclosures. Accounting is one way to accomplish that goal.

Click here to read her remarks in their entirety.

So everyone should prepare to hear a lot more about this issue as this massive economic stimulus bill works its way through Congress. Although lawmakers are close to pulling the trigger. ensuring the privacy of patients' electronic health records (EHR) remains a top concern.

Sen. Jim Whitehouse, a Rhode Island Democrat who chaired a hearing this morning examining the appropriate safeguards government should insist on before it doles out billions of dollars to help providers computerize patients' records, may have hit the nail on the head: "I very firmly believe that the Achilles heel of health IT is privacy."

Now that I've given a quick background with some important details to keep in mind, let's go to today's article in Computerworld on this very debate, taking place as we speak in Congress.

Grant Gross reports:

Health IT improvements are needed to improve the quality and efficiency of health care in the U.S., but patients might be wary of electronic health records without strong privacy safeguards built in, Sen. Patrick Leahy (D-Vt.) said.

"If you don't have adequate safeguards to protect privacy, many Americans aren't going to seek medical treatment," Leahy said. "Health care providers who think there's a privacy risk ... are going to see that as inconsistent with their professional obligations, and they won't want to participate."

...

The bill includes several privacy provisions. It extends privacy requirements to business associates of health care providers, and it requires the U.S. Department of Health and Human Services to put out annual guidance on the most effective privacy safeguards. The bill also requires health care providers to notify customers of any security breaches.

...

At this morning's hearing, members of the Senate Judiciary Committee heard testimony from witnesses representing private industry, government, the medical community and the public-interest sector. Almost in chorus, they championed health IT, but warned that without adequate privacy safeguards, patients would opt out of electronic record-keeping and providers would be reluctant to share their data.

...

Then others, while reaffirming their general commitment to health IT, said that the bill's privacy protections are too vague. They asked the senators to add details laying out a tiered system for who could access what sort of information to fit into a more comprehensive privacy framework -- just the sort of delay Microsoft's Stokes spoke against.

...

Lawmakers need to balance privacy with the benefits that health IT can provide, said David Merritt, project director at the Center for Health Transformation and the Gingrich Group. "Privacy cannot be compromised, but neither can we compromise progress in pulling our health care system out of the technological Stone Age," Merritt said. "We need to find the right balance between privacy at all costs and progress at any cost."

Click here to read more.

Friday, January 23, 2009

Part 2 of Olbermann Interview With Wiretapping Whistleblower

As I promised in yesterday's post, I will be following this breaking story like a hawk. And as one would expect from Keith Olbermann when it comes to the issue of warrantless wiretapping and civil liberties, he's on it too.Click here to watch part one of Olbermann's interview of whistleblower Russell Tice, a former National Security Agency analyst. In it, Tice claims that not only was the administration sweeping up literally millions of innocent Americans phone calls, emails, faxes, and web searches, they were specifically targeting JOURNALISTS. Apparently, Big Brother really is watching.

Olbermann had Tice back on the show last night. Watch that interview here.

As for trying to answer that bigger question of "What do we do now?" I said in yesterday's post:

"The good news (if there is any) is this is just the kind of jaw dropping, Constitution smashing, and privacy eviscerating revelations that might force the Obama Administration to both investigate past Bush crimes, but also take a stronger position on the issue of wiretapping in general (namely by revisiting and revising the "Protect America Act").

Today, I found what might be at least a hint of an answer, as President Obama nominated David Kris, a former critic of Bush's warrantless wiretapping program, to lead the Justice Department's national security division. In late 2005, "Mr. Kris wrote a 23-page legal analysis that described as 'weak' and likely unsupportable some of the Bush administration's key legal arguments in justifying the program."

The New York Times reports:

...when he was still at the Justice Department, he advised his boss, who was at the time Deputy Attorney General Larry Thompson, not to sign a mysterious batch of wiretapping warrants — which grew out of the program — because intelligence officials would not reveal how the information in the wiretaps was obtained.

Mr. Kris was an early advocate of the idea of creating a separate national security division at the Justice Department, apart from the criminal division. The national security division was created in 2006.

If he is confirmed by the Senate, Mr. Kris will not only oversee intelligence and national security law but may also be responsible for assessing how and whether detainees now held at Guantanamo Bay can be tried in American criminal courts.

The immediate good news in this appointment is Obama clearly chose someone that is on the right side of this issue and the Constitution. What I don't think we know yet, and this goes for Obama too, is whether there will be any sort of concerted effort to hold those accountable for the various Constitutional crimes committed. That is true of wiretapping, and true of torture as well.

I will be following this every step of the way...

Thursday, January 22, 2009

Whistleblower: NSA spied on everyone, targeted journalists

These are truly extraordinary - and sadly not unexpected - new revelations regarding the scope of the Bush Administration's secret wiretapping program. The good news is this is just the kind of jaw dropping, Constitution smashing, and privacy eviscerating revelations that might force the Obama Administration to both investigate past Bush crimes, but also take a stronger position on the issue of wiretapping in general (namely by revisiting and revising the "Protect America Act"). The bad news is Bush crimes against the Constitution were greater than even I suspected (well, I actually assumed quite a lot).

Thanks to whistleblower Russell Tice, a former National Security Agency analyst, we now have come to learn that journalists were even targeted by the Administration, and that nearly everyone else in this country may have been swept up in the warrantless wiretapping program too. He claims the administration was targeting specific groups of Americans for surveillance, non-terrorist Americans.

Remember too, the NSA was already estimated to have collected millions of transmissions, e-mails and phone calls of average Americans simply by patching into the networks of cooperative telecommunications companies.

Clearly, and rightfully, Mr. Tice feared to reveal what he knew while George Bush occupied the Oval Office. Now he's gone public! Of course, what we still don't know, and that he admittedly doesn't either, is what the Administration used this information for, and why do it in the first place?

Before I get to the article in Raw Story on this breaking scandal, watch Tice on Keith Olbermann's Countdown last night.

A few especially noteworthy claims made by Tice in the interview last night:

OLBERMANN: I mention that you say specific groups were targeted. What group or groups can you tell us about?

TICE: Well, there's sort of two avenues to look at this. What I just mentioned was sort of the low-tech dragnet look at this. The things that I specifically were involved with were more on the high-tech side. And try to envision, you know, the dragnets are out there, collecting all the fish and then ferreting out what they may. And my technical angle was to try to harpoon fish from an airplane kind of thing. So it's two separate worlds.

But in the world that I was in, as to not harpoon the wrong people in some -- in one of the operations that I was in, we looked at organizations just supposedly so that we would not target them. So that we knew where they were, so as not to have a problem with them.

Now, what I was finding out, though, is that the collection on those organizations was 24/7, and you know, 365 days a year, and it made no sense. And that's -- I started to investigate that. That's about the time when they came after me, to fire me. But an organization that was collected on were U.S. news organizations and reporters and journalists.

Raw Story Reports:

Former National Security Agency analyst Russell Tice, who helped expose the NSA's warrantless wiretapping in December 2005, has now come forward with even more startling allegations. Tice told MSNBC's Keith Olbermann on Wednesday that the programs that spied on Americans were not only much broader than previously acknowledged but specifically targeted journalists.

"The National Security Agency had access to all Americans' communications -- faxes, phone calls, and their computer communications," Tice claimed. "It didn't matter whether you were in Kansas, in the middle of the country, and you never made foreign communications at all. They monitored all communications."

...

Tice first began alleging that there were illegal activities going on at both the NSA and the Defense Intelligence Agency in December 2005, several months after being fired by the NSA. He also served at that time as a source for the New York Times story which revealed the existence of the NSA's wireless wiretapping program.

Over the next several months, however, Tice was frustrated in his attempts to testify before Congress, had his credibility attacked by Bill O'Reilly and Rush Limbaugh, and was subpoenaed by a federal grand jury in an apparent attempt at intimidation.Tice is now coming forward again now because George Bush is finally out of office.

He told Olbermann that the Obama administration has not been in touch with him about his latest revelations, but, "I did send a letter to, I think it's [Obama intelligence adviser John] Brennan -- a handwritten letter, because I knew all my communications were tapped, my phones, my computer, and I've had the FBI on me like flies on you-know-what ... and I'm assuming that he gave the note to our current president -- that I intended to say a little bit more than I had in the past."

Stay tuned...I'll be covering this issue like a hawk right here.

Tuesday, January 20, 2009

Feds may still snoop library files Under Obama

I know, I know, today is a day about celebrating change and the end of a truly tragic era. And of course, there are few rights and protections that were more fundamentally assaulted in the past 8 years than that of privacy.

But, as much as I'd love to post some "good news" on the privacy front, alas, I found this disturbing article in the San Francisco Chronicle. As the title of this post suggests, apparently the Obama administration supports continuing the practice of snooping in our library records...in order to keep us safe of course!

Forgive me if I don't find the new Attorney General's "we're doing it to fight terrorism" argument convincing.

The Chronicle reports:

Holder said he realizes the provision has been controversial and he will seek more information from department staff before making a final decision, if confirmed as attorney general. He didn't elaborate on his support for the law, but said at another point in the hearing that his top priority would be to protect Americans from terrorism, using "every available tactic ... within the letter and spirit of the Constitution."

...

The provision Holder wants Congress to renew, known as Section 215, "gives the government far too much power to conduct fishing expeditions in the records of bookstore customers and library patrons," Finan said. "We never expected that the change of administration would mean we had any less of a fight on our hands."

Organizations of librarians and booksellers have denounced the law as an assault on reader privacy. Some libraries have posted signs warning patrons that their records are subject to government inspection, and many librarians now destroy files on borrowers who have returned their books.

...

Finan said the American Booksellers Association, which represents 2,000 independent bookstores, and allied groups of librarians, publishers and writers will instead try to soften the law along the lines of legislation that Obama supported in the Senate last year.

Carried by Sen. Russ Feingold, D-Wis., the bill would have allowed agents to obtain records of customers and library patrons only if they were actually suspected of terrorism, and would have authorized court challenges by keepers of the records.

Thanks to that last paragraph, and the fact that its a bill authored by Russ Feingold, a longtime privacy champion, I feel somewhat confident that perhaps the news isn't quite as bad as the article's headline suggests. A greater question will be whether Obama chooses to use his enormous political capital on a bill like this - which would essentially assure its passage - or whether he views taking high profile positions on issues like this as not being politically expedient enough?

Friday, January 16, 2009

Court Affirms Wiretapping Without Warrants

Now, at first glance of the above headline in the New York Times you might think "what the hell??? How could any court rule this way?"

At least, that was my initial response (while gasping). But, with closer inspection one realizes this isn't your usual court, and this decision doesn't necessarily set the kind of precedent one might fear.

Before I get to the New York Times piece, written by the reporter who broke the story on the warrantless wiretapping program a few years back - James Risen - I want to point you to a very informative interview by Rachel Maddow of Constitutional Scholar Jonathan Turley last night.

Let's just say after listening to Turley's analysis, I felt a lot better about this (grossly unconstitutional) decision...in that, it's not as important as Big Brother might try to convince us it is. Most importantly, as you will see, this decision has little relation to the President's initial wiretapping program, and the case that could be brought against him (unlikely...but if it is).

The bottom line is this decision WAS NOT about the illegal program Bush initiated before the 2007 FISA law passed by Congress, it is only related to that 2007 law itself. So this by no means settles anything (though it clearly "helps" Bush and co's argument).

With that said however, this still is NOT good news. The bottom line remains that this is the first decision by an appeals court that says the Fourth Amendment’s requirement for warrants does not apply to the foreign collection of intelligence involving Americans. This could have - but let's hope it doesn't - broad implications for national security law.

Click here to watch the Turley interview.

Now let's go to the New York Times article. James Risen reports:

In a rare public ruling, a secret federal appeals court has said telecommunications companies must cooperate with the government to intercept international phone calls and e-mail of American citizens suspected of being spies or terrorists.

...

But the ruling, handed down in August 2008 by the Foreign Intelligence Surveillance Court of Review and made public Thursday, did not directly address whether President Bush was within his constitutional powers in ordering domestic wiretapping without warrants, without first getting Congressional approval, after the terrorist attacks of 2001.

...

“I think this kind of maintains the status quo,” said Scott Silliman, an expert on national security law at Duke University. “I don’t think it is a surprise that the FISA court found that the legislation was constitutional. They are going to defer to Congress, especially since there was a lot of discussion when the law was passed about the ability of the government to compel providers.”

The ruling is the latest legal chapter in a dispute dating back to the aftermath of the Sept. 11 attacks, when Mr. Bush secretly ordered the National Security Agency to eavesdrop on the international communications of American citizens without the approval of Congress or the courts. After the agency’s program was publicly disclosed in December 2005, critics said it violated a 1978 law. The White House initially opposed any new legislation to regulate surveillance, arguing that it would be an infringement of the president’s powers.

...

The case arose in 2007, when a telecommunications company refused to comply with the government’s demands that it cooperate without warrants under the terms of the Protect America Act. The company was forced to comply, under threat of contempt, while it challenged the law in the FISA court, the opinion noted.

The company argued that the law violated the constitutional rights of its customers and that the act placed too much power and discretion in the hands of the executive branch. It also raised specific privacy problems, which the court ruling did not identify, that could occur under the surveillance directives it had received from the government.

Click here to read the rest of the article.

Thursday, January 15, 2009

Activist group sues UC, claiming illegal search

Our friends - and privacy champions - over at the Electronic Frontier Foundation and the ACLU of Northern California filed suit in federal court yesterday to protect the privacy and free speech rights of two San Francisco Bay Area community organizations.

The reason? Hold on to your hats for this "Big Brother" abomination: The groups' computers were seized and the data copied by federal and local law enforcement. I don't think its by accident, knowing this administration, that these two organizations - Long Haul and the East Bay Prisoner Support Group (EBPS) - are publishers of information for social and political activists.

As noted by the ACLU, "Long Haul is an all-volunteer collective that publishes a newspaper called Slingshot and provides community space, computer access, and a lending library of radical books to members of the public at its Infoshop in Berkeley, California. EBPS publishes a newsletter of prisoners' writings, distributes literature to prisoners, and occupies an office at Long Haul."

According to the suit, these were illegal intrusions on groups that were not suspected of any wrongdoing and also violated their constitutional rights as publishers of their own newspapers.

EFF's Civil Liberties Director Jennifer Granick stated: "The Slingshot and EBPS computers were clearly marked and kept behind locked doors," said "Yet the raid officers broke into the offices to take information these organizations collected and relied on to publish information to their readership. This is a blatant violation of federal law and the First and Fourth Amendments, interfering with the freedom of the press."

Michael Risher, staff attorney at the ACLU of Northern California, concurred: “As long as the government keeps the copies they made of these hard drives, they are continuing to violate the privacy of everyone who wrote or stored a document on the computers. We filed this lawsuit to protect fundamental rights and to stop these illegal searches from happening in the future."

This has the flavor of one of those stories that gets worse and worse the more we learn. It kind of reminds me of those stories about government agents going undercover, and participating in small gatherings organized by benign peace groups that did nothing wrong except opposing illegal US wars. Or in other words, this reeks of an ideological hit job orchestrated by the government against the people.

The San Francisco Chronicle reports:

The suit says the officers broke open locked doors and cabinets, seized all 14 computers in the building, combed through library and bookstore records, and took computer drives and other items from both Long Haul and East Bay Prisoner Support. The computers were later returned, but the organizations have reason to believe their files were copied, the suit said.

"The police should have treated us with the same respect due to any library whose public-access computers they suspected had been used for improper activity," said Jessy Palmer, a Long Haul volunteer named in the detective's affidavit as the subscriber to the computer where the messages were sent. "Instead of asking for our assistance, they used their investigation as an excuse to break into Long Haul."

The suit contends the search warrant was invalid because UC police offered no evidence that the two organizations were involved in illegal acts and also failed to tell the judge that both groups publish newspapers, a status that requires special justification for law enforcement searches.

This will be a case I will follow here. I'd like to know for one, whether these records have indeed been kept, and two, whether they have been used for anything in particular. Lots of questions that remain unanswered.

Click here to read the Chronicle article.

Or click here to read the write up by the ACLU's Nicole Ozer on the suit.

Tuesday, January 13, 2009

Shields sought over ads tracking mobile users

I'm glad to see that the Center for Digital Democracy and the U.S. Public Interest Research Group are all over this issue, because I don't know about you, but I would rather not be tracked everywhere I go with my cell phone, and then have that information stored and broken down into a detailed consumer profile.

Apparently, that's the Brave New World that these two consumer rights groups are guarding against by appealing to the Federal Trade Commission to investigate the rise in mobile advertising companies collecting vast amounts of information about consumers and their behavior - without fully disclosing it - in an effort to better target their sales pitches.

The San Francisco Chronicle reports:

To tailor ads, mobile advertising firms collect and analyze information about consumers including their mobile browsing histories, device manufacturer, demographic details, products purchased and location. Although the data are anonymous, they can paint a good portrait of an individual's age, race and personality.

...

But the public interest groups asserted that the tracking of mobile phone users is potentially more intrusive than for computer users. Because people carry phones with them where ever they go, particularly with the advent of phones with Global Positioning Systems, marketers can keep a detailed record of their travels.

In any case, the groups insist that consumers are largely unaware of the implications of clicking on the ads and signing up for various mobile services because marketers "utterly fail to inform users what data are being collected and how they will be used," according to the complaint. In particular, they said that the industry's business practices target children, adolescents and minorities.

Click here to read more.

Friday, January 9, 2009

Federal Lawmaker Targets RFID In Privacy Push

I just wrote yesterday about the new RFID law that went into effect in California on January 1st that bans “skimming” information from RFID-enabled IDs without the knowledge and consent of the ID holder. Violators of this law will face ‘imprisonment in a county jail for up to one year, a fine of not more than USD 1,500, or both that fine and imprisonment’.

Well, with a strong Democratic majority in Congress combined with an Obama administration there's a good chance that this law will go national next year, along with a host of other protections against various privacy threats that RFID technology poses (still to be determined).

The article is a short one so I'll just post it in its entirety. K.C. Jones of InformationWeek reports:

A Washington State representative has vowed to fight what he calls "spy technology" devices in a privacy push during 2009. Rep. Jeff Morris, a Democrat, said Tuesday that he will fight the "malicious" use of RFID chips this year. He plans to propose a new package of consumer protection bills next week when the state's legislative session begins.

Morris said that RFID chips are proliferating in consumer products and government identification. While he acknowledges the benefits of the technology, he said consumers and citizens should remain in charge of who collects their personal information.

The lawmaker wants to ban intentional scans of people's identification documents without first gaining specific consent, except in cases of emergencies or court-ordered electronic monitoring. He also wants all products containing RFID chips to be marked clearly so consumers know which products contain them.

Morris said he predicts that business interests and corporate lobbyists seeking broader use of RFID chips will oppose his bills. The technology is not only used for supply tracking but it also can help businesses speed checkout, identify shoppers, and determine shoppers' locations within stores.

"The potential for marketing and convenience is great with this technology," he said. "But so is the threat to our privacy and freedom."

Last year, Morris supported a bill that became the first U.S. law to make it a Class C felony to intentionally scan someone's RFID chip remotely without the person's knowledge and consent. That law is limited to surreptitious scanning, or skimming, for fraud or identity theft.

This marks the second year in a row that California has been one step ahead of the game when it comes to privacy and RFID regulation: first with our state's banning of subcutaneous RFID implants by an employer into his/her employees, and then this year with the ban of "skimming" RFID information of another without their consent. The good news is that it appears other states, and some in Congress, have been paying attention.

Tuesday, January 6, 2009

Two New California Privacy Protection Laws Go Into Effect

Every year the Consumer Federation of California monitors, supports, and opposes numerous bills related to privacy protection. Each year many of these bills are “killed” in the legislature while many others reach the Governor’s desk to either be signed into law or vetoed.

I recently wrote an article for the California Progress Report detailing about six consumer protection bills that we vigorously supported that became official California law on January 1st, 2009. Of those, I'm happy to report two were related to the issue of privacy.

Let me detail what I wrote about these two new laws, one related to RFID regulation and the other to identity theft (with a little bit of additional info):

SB 31 (Simitian) - Prohibiting Reading of RFID without an Individual’s Knowledge and Prior Consent

Radio Frequency Identification Devices (RFIDs) are tiny chips with miniature antennae that are embedded within documents or objects for tracking and identification purposes. When a RFID reader emits a radio signal, the devices in the vicinity respond by automatically transmitting their stored information to the reader.

RFID technology has many useful and promising applications, such as inventory tracking and automatic toll-road payment systems. At the same time, however, it can pose serious privacy and security risks. When embedded in identification documents, for example, information can be scanned off a RFID device at a distance and with no indication to the holder of the RFID device that any information has been remotely transmitted or recorded.

Without adequate protections, unauthorized readers can surreptitiously read and skim the personal information stored on a device—such as a birth date, digital picture, or unique identifier number—all without the knowledge of the RFID holder. This skimmed data can be used to facilitate identity theft or to stalk and track the whereabouts of an individual.

In fact, the very nature of RFID, which is a contactless technology, means that when the system has been breached, the device holder won’t know and therefore won’t know to take steps to protect him or herself.

Thanks to SB 31 - “skimming” information from RFID-enabled IDs without the knowledge and consent of the ID holder is now illegal, and violators of this law will face ‘imprisonment in a county jail for up to one year, a fine of not more than USD 1,500, or both that fine and imprisonment’.

AB 372 (Salas) - Consumer Credit Reports, Security Freezes

Identity theft is one of the fastest growing financial crimes in the U.S. – with nearly 10 million Americans falling victim to it each year. Unfortunately, most consumers are unaware that one of the best ways to protect against identity theft is to place a security freeze on their credit report.

AB 372 - signed by the Governor in July 2008 - reduces fees and shortens the time for consumer security freezes on credit reports. A consumer who has reason to suspect that personal financial information has been breached can place a security freeze that prevents the credit agency from releasing the consumer’s credit report to a third party. A credit freeze can prevent identity theft if is placed promptly.

AB 372 makes it easier and less costly for a consumer to place a security freeze on his credit report. The new law require a credit reporting agency to disclose the right of consumers to place a security freeze on their credit report, reduces from five days to three days the time that a credit agency has to implement the requested freeze, allows consumers to request a freeze by regular written mail instead of certified mail and lowers the fee a credit reporting agency may charge to place a freeze from $12 dollars to $10, or $5 for consumers 65 and older.

Monday, January 5, 2009

Virginia to join list of states to reject Real ID?

Despite failing in numerous attempts last year, some Virginia legislators are back in hopes of garnering enough votes to join the growing chorus of states that have defied the federal government by refusing to participate in a national identification program - also known as REAL ID.

The two pieces of legislation in question when lawmakers return to Richmond on Jan. 14 would call for Virginia to ignore the federal mandate to come into compliance with the Real ID Act by the beginning of next year. The looming deadline for state compliance should give the issue new urgency for not just Virginia, but for dozens of others that have yet to take a stand.

Making the issue - and how it all will play out - all the more unknown is the incoming Obama administration and his Secretary of Homeland Security Gov. Janet Napolitano. I say this because, as I have mentioned in previous posts here, we know very little about where Obama stands on REAL ID, or what he intends to do about this beleaguered, privacy invasive program. Further, Gov. Janet Napolitano has a VERY spotty record on the issue of privacy, yet she did oppose REAL ID as the Governor of Arizona (but only because it was expensive, not because it invaded privacy).

So all in all we are left with one big question mark as to how this program will or will not evolve. The good news is, if states keep refusing to comply, as Virginia is apparently going to attempt to do again, we'll be in good shape.

Virginia News reports:

Since the law's enactment in 2005, at least 42 states have considered anti-Real ID legislation, and more than half have passed measures either forbidding their states from participating or urging Congress to amend or repeal the law. At least five states have gone the other direction, passing bills bringing their programs into compliance. Critics say they expect other states to join Virginia in 2009 to fight against Real ID.

...

States had until May of 2008 to implement Real ID, but the department extended that until Dec. 31, 2009. If they need more time and have met certain benchmarks, states can request an extension until May 11, 2011.

"The bottom line is that citizens of states who do not move forward with the Real ID mandate from Congress will see real consequences," said Laura Keehner, a spokeswoman for the Department of Homeland Security, which is in charge of the program.

...

Critics also claim Real ID diminishes privacy and they object to a national ID that would have to be shown for everyday identification purposes.

"Certainly people should be identified by high standards when that's called for, but it's not called for when you're going to buy beer," said Jim Harper, director of information policy studies for the Cato Institute, a libertarian think tank. "If we're going to have our identity recorded every time we buy beer or use a credit card or buy gas, that turns into one big surveillance system," he said.

One quick remark on the "politics" of this issue. The good news when it comes to the issue of privacy - and I can say this through direct experience on issues ranging from RFID to the sharing of prescription medical records - is the growing coalition that unites both the conservative side of the spectrum with the progressive.

In some ways it appears it's the "middle" of the ideological spectrum that is most absent in this all important debate. But, the fire and passion most definitely is found in the opposing "base's of support", and they (we) agree on something: privacy is a constitutional right.

Click here to read the article in its entirety.