According to the Electronic Privacy Information Center (EPIC), privacy in the United States continues to be a hot issue as proposals for travel passenger profiling and new identity cards provoked public protest and legislation. Google announced a new email service that offered lots of free storage while also peeking at the users’ private messages. ID theft continued to be a national problem. And some states, most notably California, adopted new laws to safeguard personal privacy.

EPIC’s Top Ten privacy issues are:

Foreign Opposition to USA PATRIOT Act

The USA PATRIOT Act, which gave government new authority to collect information about American citizens and visitors to the United States, is under increasing criticism from foreign governments. Latin American countries objected to sending census data and voter records to U.S. law enforcement agencies and Canadian officials warned that the Patriot Act would violate Canadian law.

Google datamines private email

Apparently, there is a shortage of advertising on the Internet — or that must be part of the thinking behind Google’s Gmail — which links keywords in private messages with web-based advertising. Messages to business colleagues, family members, and loved ones have unleashed a myriad of direct advertising to Gmail clients.

Expansion of US-VISIT

US-VISIT, an entry-exit border control system launched in 2004 expanded rapidly following the award of a $15 billion government contract to Accenture, a Bermuda-based corporation which has since exited the country to avoid the corporate taxes. Europeans have bristled when fingerprinted at U.S. airports, and a Brazilian judge okayed the fingerprinting of U.S. tourists, citing our government’s treatment of visitors.

Possible death of airline passenger profiling

At a press conference in Washington, DC earlier in the year, Secretary of Homeland Security Tom Ridge raised his hand as if to put a wooden stake through the heart of “CAPPS II,” the much-criticized passenger profiling system. An independent government review decided that assigning a “terrorist threat index” was not a great idea. Funding for the program was pulled after Congress and civil liberties groups slammed the program. However, by year-end, a new passenger-screening program called Secure Flight was moving forward.

U.S. Medical Records Go Overseas

Offshore outsourcing dramatically increases privacy risks, which has prompted U.S. accountants to propose corporate disclosure of outsourcing practices. California passed a law to notify consumers when their personal information went abroad. But elsewhere, countries expressed concern about privacy protections in the United States and Canada voided a contract with a U.S. company that would have provided services for the 2006 Canadian census.

Data disclosures –

Mission creep continues
The IRS reported that it made 3.7 billion disclosures of tax return information in 2003 for tax and non-tax law enforcement and statistical purposes. Meanwhile, the Pentagon proposed to use tax returns to find “out-of-touch” reservists. The General Accounting Office and the Technology and Privacy Advisory Committee issued reports on government data mining and sharing of public and private sector personal information data. The Census Bureau revised its information sharing policy when it came to light that it has provided information to Homeland Security on persons identifying themselves as being of Arab ancestry.

States Pull Out of Mini-Total Information Awareness Project

Of the thirteen states originally agreeing to participate in the Multistate Anti-Terrorism Information Exchange (MATRIX), only five remain. The program was an effort to establish a state-level data-mining project similar to the Total Information Awareness project killed by Congress in 2003. State governors and attorneys cited their own states’ privacy laws.

ID theft a growing problem;

laws stiffen penalties

ID theft was the number one consumer complaint received by the Federal Trade Commission in 2004. In response, Congress enacted laws to provide stronger penalties for ID theft and “phishing” — the use of fake email addresses to lure sensitive personal information such as credit card numbers from people.

Prevent more stringent ID requirements for voters

The Help America Vote Act placed greater identification requirements on voters registering for the first time. This meant an excessive burden was placed on those who wished to vote, but did not drive or have a need for a state-issued identification card. However, charges of voter fraud during the 2004 election season persist, including here in Washington in the hotly contested governor’s race. This may spur Congress and state legislatures to make greater identification demands on current and newly registered voters as well as anyone attempting to vote.

California continues privacy reforms

California has enacted some of the best new privacy laws in the U.S. — including laws that limit electronic surveillance in rental cars, controls on the Social Security Number, a crackdown on spam and spyware, and new protections for wireless phone numbers.

   Issues to watch in 2005

USA PATRIOT Act Renewal
The USA PATRIOT Act is up for renewal. At issue are the electronic surveillance provisions minimizing the role of the courts and giving the Attorney General broad new powers and limits personal freedoms and privacy.

National ID

The queen of England proposed her subjects have a biometric identifier. The United States took a half step toward national ID with federal mandates for the states’ drivers’ licenses, but stopped short of a full-blown domestic passport. The focus will be on the links between an upgraded state drivers licenses and federal agency databases.

Telemarketers attack privacy rules

The telemarketers are gearing up to go after the Do Not Call list, which now includes more than 80 million subscribers. Also, watch the opt-in privacy safeguards for wireless phone directories collapse unless Congress passes legislation.

Google tracks reading?

The Net’s number one search engine (and number one advertiser) is now planning to convert many of the nation’s libraries into digital format — but the cost may be the loss of reader privacy. Remember to delete those Google cookies.

Is it a phone? Is it the Internet? It’s VOIP!

Internet-based telephone service – “VOIP” — was expected to reach one million users by the end of 2004. But is VOIP a telecommunications service or an information service? There are high stakes for privacy protection. Will the Do Not Call Registry apply to it? Will providers be required to help law enforcement access it? And will we be able to prevent “spit” – the new term for spam delivered to VOIP users?

Smart barcodes, RFID, and spy products

As Jim Kendall has been reporting in his Business Journal column over the past few months, the next-generation standard for RFIDs has been agreed to and adopted. Look for an expansion of RFID products d and more organizations beginning to switch to RFID tracking systems. Guidelines outlining the duties of RFID-using organizations and setting out the rights of individuals who are exposed to RFID-enabled products are needed.

Internet Privacy

With spyware legislation, the ongoing battles against spam, and the development of “spit,” questions about VOIP regulation and the application of law, not to mention the upcoming decision in United States v. Councilman expected in the spring, the boundaries keep shifting.

Outsourcing: Frying pan or fire?

Americans are concerned about privacy and security of offshore and outsourced data processing, tax return preparation and call centers. Meanwhile, Canada and other countries are reviewing their own outsourcing to the U.S. over concerns about the access U.S. authorities have to such records because of the Patriot Act.

Centralized voter registration databases

The Help America Vote Act requires that all states develop and implement centralized voter registration databases by 2006. The lack of technical expertise on the part of state election administrators may leave the centralization of voter registration lists to private contractors or very insecure systems with poor administration. Either case will make it difficult to ensure that personally identifiable information of registered voters will be protected from misuse or abuse. Expect Congress to take a closer look at the privacy standards for voter registration records.

WHOIS Directory

WHOIS, the online database of the millions of people who registered web sites, still lacks basic privacy safeguards.