UPDATE: See below for TSA's response.

A scathing congressional report released Friday confirms that security flaws in a Transportation Security Administration site put thousands of Americans at risk of identity theft.

The report (PDF) also reveals that a no-bid contract to create the site was awarded to an outside company by a TSA employee who had previously worked for that company. Was this just business as usual at TSA?

In October 2006, the TSA launched a Web site to help travelers whose names were erroneously listed on airline watch lists. This site had a number of security vulnerabilities: it … Read more

A British TV presenter has learned the hard way that identity theft is serious, and in the process, become the joke of the moment for privacy bloggers. More importantly, this is the second time in just one year that such a thing has happened. This blog post explores the latest incident, looks back to the past, and then concludes with a more broad analysis.

Jeremy Clarkson, host of the BBC show Top Gear, recently wrote an article for the U.K.'s Sunday Times in which he ridiculed the uproar that had occurred after the British government admitted to losing … Read more

The U.S. Department of Justice won't say when it believes an American citizen should be forced to divulge his or her PGP passphrase.

We've been trying for the last two days to get the DOJ to answer this question, which became an important one after last week's news about a judge ruling a criminal defendant can't be forced to divulge his passphrase on Fifth Amendment grounds.

The Fifth Amendment, of course, protects the right to avoid self-incrimination.

In the case of U.S. v. Sebastien Boucher, federal prosecutors think that the defendant has child pornography … Read more

A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.

U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination.

Niedermeier tossed out a grand jury's subpoena that directed Sebastien Boucher to provide "any passwords" used with his Alienware laptop. "… Read more

Updated at 11:58 a.m. PST Wednesday: added response from Google and links to two more letters.

A top Republican in the House of Representatives is demanding that Google answer a barrage of questions about privacy, some of which are related to the company's proposed purchase of the DoubleClick advertising firm.

Rep. Joe Barton, who has positioned himself as a privacy advocate and previously criticized the merger last month, complained in a letter to Google CEO Eric Schmidt that the company had initially agreed to let his aides visit the so-called Googleplex in Mountain View, Calif. but then … Read more

A shadowy federal court that meets behind closed doors to hear wiretapping requests says it won't publicly release even portions of its rulings.

In response to a formal request from the ACLU, the Foreign Intelligence Surveillance Court said on Tuesday that it won't divulge the abridged text of the orders dealing with the Bush administration's eavesdropping scheme on grounds that it could endanger national security.

The 24-page opinion (PDF) disagreed with the Bush administration's suggestion that the ACLU's request be necessarily dismissed out of hand. But after considering the request, the court rejected it on … Read more

The Bush administration has released formerly classified documents that show how it is pressing Congress to rewrite surveillance law and immunize telecommunications companies from lawsuits.

What's also interesting about the documents, which were released in response to the Freedom of Information Act on Monday, is how much is redacted. Entire pages have been excised, in one case leaving only two paragraphs visible.

A few highlights from the the files (1 and 2) obtained by the Electronic Frontier Foundation after a court battle:

• Pages 6-8 of file 1: National Intelligence Director Mike McConnell told Congress three months ago that … Read more

Correction: The authors of the Netflix de-anonymization study contacted me to point out that they originally published a draft of their results a mere two weeks after Netflix released its dataset. Netflix has known about their study for over a year.

Over the past year, there have been a number of high-profile incidents in which sensitive user data was accidentally revealed to the Internet at large. As a result, I believe that high-tech companies will never again share anonymized data on their users with academic researchers, at least not without requiring contracts and nondisclosure agreements. For the users and privacy … Read more

A federal judge has ordered the Bush administration to divulge documents related to immunizing telecommunications companies from lawsuits, saying they illegally opened their networks to the National Security Agency.

U.S. District Judge Susan Illston in San Francisco gave the Office of the Director of National Intelligence until November 30 (Friday) to turn over documents relating to conversations it had with Congress and telecommunications carriers about how to rewrite wiretapping laws.

The Electronic Frontier Foundation had filed this case to seek faster processing of a Freedom of Information Act request it filed, which could help buttress its ongoing lawsuit against … Read more