Albanach writes "Scotland's Sunday Herald newspaper has an exclusive report that the Best Western hotel chain has lost the personal details of each and every guest who has stayed at any of its 1300 hotels in the past 12 months. This amounts to details on 8 million customers and includes information such as name, address, credit card details and employment details. The data even includes future booking details, causing speculation that homes could be targeted for burglary when it's anticipated they will be unoccupied. A Best Western spokesperson is quoted as saying 'Best Western took immediate action to disable the compromised log-in account in question. We are currently in the process of working with our credit card partners to ensure that all relevant procedural standards are met, and that the interests of our guests are protected.'"

I Don't Believe in Imaginary Property writes "Attorney General Michael Mukasey has agreed to allow Congressional hearings, but not to delay, the implementation of new FBI regulations that would allow them to spy on American citizens who are not suspected of any crime. As an editorial in the New York Times points out, this is a power that has a history of abuse. In times past, it was used to wiretap Rev. Martin Luther King, Jr. and to spy on other civil rights and anti-war protesters." As Dekortage points out, "Several senators have formally complained that citizens could be investigated 'without any basis for suspicion,' which the Justice Department denies."

Because the number of abductions in Mexico has jumped almost 40% in the past 3 years, the wealthy are getting subcutaneous transmitters so they can be tracked when kidnapped. Xega, the Mexican security firm which makes the chips, has seen a sales jump of 13% this year. The company injects the crystal-encased chip, the size and shape of a grain of rice, into clients' bodies with a syringe. The chip then sends radio signals to a larger device carried by the client with a global positioning system in it. A satellite can then be used to find the location of the missing person. Things must be a lot worse in Mexico than I thought.

PizzaFace writes "The Washington Post reports on the booming business of selling your medical treatment records. Today these are mainly records of your prescriptions, but the data warehouses will soon have records of your lab tests, too. The companies selling these records make it easy for insurance companies to avoid risk by assigning each person a health score, similar to a credit score, or by flagging items in each person's history that suggest chronic or potentially expensive health problems. It's not just for insurers, either; employers who check applicants' credit scores will surely be interested in their health scores as well."

An anonymous reader writes "The New York Times is saying that Steve Jobs doesn't have cancer, but that he needs to disclose all the information about his medical condition so investors can decide. Gizmodo's strong rebuttal says that everyone has the right to keep medical records confidential. They argue that, if prominent US presidents legally kept their grave illnesses secret — even while the security of the country was at stake — a simple CEO should be able to do the same: 'Steve Jobs has the right to keep his medical records private for as long as he wants. Like FDR. Like JFK. Like any single person in this country and the world. It's our right, as humans, to do so.'"

Shafted writes "I'm in a bit of dilemma, and I'm wondering what fellow Slashdotters think regarding this subject. I've been hosting web sites for some clients for years using my own server. About a year and a half ago, I got a reseller account with a company that will remain nameless. They are, however, fairly large, and they did come highly recommended. Other than the usual slow tech support, occasional server overloading, and... well... typical support staff, it's been pretty good and has saved me from having to deal with problems like hardware and driving down to the colo at 4AM to figure out a routing problem. All-in-all, it was acceptable. Until yesterday, when I was asking for a relatively minor email-related fix, and by the tech support staff's response, they had accessed my MySQL database directly and looked at the contents; presumably, in order to tell me what I was doing wrong. Regardless of the fact that they missed the boat with regards to the support question, I found it surprising that they would access my database data without my consent. When I asked them why they were accessing the database without my permission, they've pretty much ignored me, despite repeated requests asking why they think this is acceptable. So, my question is this: Do I, as a customer who, according to the acceptable use policy, owns my data, have a reasonable expectation of privacy for the data which I own, despite it being hosted on a third-party's server? Or do web hosting companies have the right to poke around at everyone's data as they see fit?" Read below for the rest of the question.

An anonymous reader writes "A group of researchers from the University of Colorado and University of Washington could face both civil and criminal penalties for a research project (pdf) in which they snooped on users of the Tor anonymous proxy network. Should federal prosecutors take interest in the project, the researchers could also face up to 5 years in jail for violating the Wiretap Act.The researchers neither sought legal review of the project nor ran it past their Institutional Review Board. The Electronic Frontier Foundation, which has written a legal guide for Tor admins, strongly advises against any sort of network monitoring."

RalphTheWonderLlama writes "The trials of NebuAd by Charter Communications were halted after it gained the attention of Congressmen Ed Markey and Joe Barton. The online behavioral targeting system has been called "a 'man-in-the-middle attack' and various other unflattering names" but would certainly be an easy way for an ISP to cash in on client profiling." PaisteUser points out MSNBC's coverage as well, according to which the ad-insertion scheme was dropped because of "concerns raised by customers."

An anonymous reader writes "The Pirate Bay, in response to Sweden's new wiretapping law, will start offering SSL encryption to its user base this week. Although copyright issues really have little to do with national security, The Pirate Bay knows its population is uneasy with the recent legal change. The encryption will mostly benefit Swedish users living under the current law. Since The Pirate Bay and its servers are not hosted in Sweden, the additional security offered to outside users could be comparatively minimal."

StealthyRoid writes "The Senate mortgage bill proposed by Sen. Chris Dodd (who was the recipient of a sweetheart deal on his mortgage from Countrywide, one of the beneficiaries of the bill) includes an attempt to sneak into law a requirement that all electronic payment processors send detailed transaction data to the federal government. The proposed law contains an exception for businesses with fewer than 200 transactions or a total value less than $10,000. Quoting FreedomWorks chairman Dick Armey (former House majority leader) from the article: 'This is a provision with astonishing reach, and it was slipped into the bill just this week. Not only does it affect nearly every credit card transaction in America, such as Visa, MasterCard, Discover, and American Express, but the bill specifically targets payment systems like eBay's PayPal, Amazon, and Google Checkout that are used by many small online businesses. The privacy implications for America's small businesses are breathtaking.'" This is the same bill that contains a controversial provision to fingerprint all mortgage brokers.