You are here:
WorldLII >>
Databases >>
EPIC Alert >>
2005 >>
[2005] EPICAlert 11
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 12.10 [2005] EPICAlert 11
EPIC ALERT
Volume 12.10 May 20, 2005
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_12.10.html
Table of Contents
[1] More Than 40 Groups Oppose Homeland Security's Weak Privacy Rules
[2] EPIC Documents: DC Metro's SmarTrip Collects Vast Traveler Data
[3] Congress Passes Controversial ID Bill Without Debate
[4] Study Shows Data Brokers' Files Error-Ridden, Acxiom Unresponsive
[5] House Bill Would Turn SSN Into a National Identifier
[6] News in Brief
[7] EPIC Bookstore: Jensen & Draffan's "Welcome to the Machine"
[8] Upcoming Conferences and Events
[1] More Than 40 Groups Oppose Homeland Security's Weak Privacy Rules
A coalition of 41 groups including EPIC, American Civil Liberties Union,Council On American-Islamic Relations, and People For The
American Way,submitted comments opposing the Department of Homeland Security's planto exempt a vast database from legal requirements
that protect privacyand promote government accountability. The coalition stated that theagency's plan leaves individuals without
the ability to correctinaccurate information and without protection against possible abuse ofthe database.
According to DHS, the Homeland Security Operations Center Database("HSOCD"), will serve as "a single, centralized repository for gatheredinformation."
The agency seeks broad exemptions from key fairinformation principles such as the Privacy Act of 1974 requirements thatan individual
be permitted access to personal information, that anindividual be permitted to correct and amend personal information, andthat an
agency assure the reliability of personal information for itsintended use. These exemptions would allow DHS to track and profileindividuals,
including American citizens who seek to aid homelandsecurity investigations, with little accountability.
For this database, DHS proposes to deny individuals the civil remediesthey have against an agency for failure to comply with its obligationsunder
the Privacy Act. Providing individuals with the right to judicialreview is crucial because the new database will have information
notonly about suspected criminals, but also about people who offerinformation about terrorism, as well as current and former DHS
employeesand contractors. Though the Privacy Act requires an agency to providereasons why the database should be exempted, DHS has
not yet provided anexplanation.
The coalition asked DHS to create privacy rules for the database thatwould 1) provide individuals judicially enforceable rights of
access andcorrection; 2) limit the collection of information to only that which isnecessary and relevant; and 3) respect individuals'
rights to theirinformation that is collected and maintained by the agency.
Coalition Comments on the Proposed Exemptions for the DHS Database (pdf):
http://www.epic.org/privacy/homeland/dhs_hsocd_final.pdf
The Department of Homeland Security's Notice of Privacy Act Exemptionsfor the Database:
http://www.epic.org/redirect/hsocd.html
NPR Story: Privacy Groups Sound Warning on Homeland Security Database http://www.npr.org/templates/story/story.php?storyId=4656200
EPIC's Privacy Act of 1974 page:
http://www.epic.org/privacy/1974act/
[2] EPIC Documents: DC Metro's SmarTrip Collects Vast Traveler Data
Documents recently obtained by EPIC from the Washington MetropolitanArea Transit Authority show the extensive scope of the data collectedand
processed by the SmarTrip program. SmarTrip uses permanent,rechargeable farecards embedded with radio frequency identification(RFID)
chips to keep track of the cards' values and travel itineraries.
SmarTrip cards can be used to pay fares on the Metro's rail and bussystems, as well as for parking in Metro parking lots.
The documents show that the SmarTrip program can collect a vast amountof information about a passenger, including personal information
such asname, address, and phone number; the place and time of the passenger'sarrival in the Metro system; the place where the passenger
exits thesystem; the amount of time the passenger spends traveling within thesystem; and the time and date the passenger enters and
leaves a Metroparking lot. This data can be used to create a detailed profile of theSmarTrip cardholder. Most similar records held
by state agencies areprotected by law. Currently, only an internal Metro policy protects theinformation collected through the SmarTrip
system.
The Washington Metro announced this week a new privacy policy for thecollection and use of SmarTrip data or credit card usage in
the Metrosystem. The policy limits disclosure without prior written authorizationfrom the person. It assures individuals access to
their own informationand an accounting of disclosures. The Board also approved changes to itsPublic Access to Records Policy, more
closely aligning it with thefederal Freedom of Information Act. The changes to that policyestablish certain exemptions and time frames for processing requests,provide for judicial review, and
exempt individual SmarTrip data fromdisclosure except in limited instances.
EPIC supported the changes, but noted that the new policy will permitdisclosure of passengers' personal information -- including
all SmarTripinformation -- upon written request from the head of a federal, state orlocal government agency in the context of a specific
civil or criminallaw enforcement activity.
Documents obtained by EPIC from the Washington Metropolitan Area TransitAuthority (pdf):
http://www.epic.org/foia_notes/wmata.pdf
EPIC FOIA Note #5: DC Metro Tracks Travelers:
http://www.epic.org/foia_notes/note5.html
EPIC's comments to DC Metro:
http://www.epic.org/open_gov/foia/wmata/parp_cmts-021405.html
Metro's Proposed Amended Public Access to Records Policy and ProposedPrivacy Policy (approved May 19, 2005) (pdf):
http://content.wmata.com/board_gm/board_docs/051905_PARP.pdf
Announcement of New Metro Privacy and Open Records Policy http://wmata.com/about/parp2.cfm
[3] Congress Passes Controversial ID Bill Without Debate
Congress has passed the supplemental military spending bill to which theREAL ID Act was attached, and President Bush will soon sign
thelegislation. The REAL ID Act, a national ID program, mandates federalidentification standards and requires that state DMVs collect
sensitivepersonal information. Congress passed REAL ID without a hearing eventhough legislators in both parties urged debate.
Under the REAL ID Act, state DMVs will have to verify identificationdocuments and the legal status of immigrants. States are mandated
tolink their databases so that all information collected by each DMV canbe accessed. Several state DMV offices have recently been
the targetsof identity thieves.
The National Governors Association and National Conference of StateLegislatures are two of more than 600 organizations that oppose
the REALID Act. The NGA and NCSL urged Congress to reject the REAL ID Act andinstead remain committed the driver's license and ID
card provisions ofthe Intelligence Reform and Terrorism Prevention Act, which passed inDecember with bipartisan support.
States can choose to opt-out of the program, but REAL ID mandates thatlicenses from opt-out states cannot be used as identification
forfederal purposes. This means that residents of states that reject theREAL ID program will not be able to board a plane or enter
a federalbuilding with their licenses.
Rep. James Sensenbrenner, the act's sponsor, has estimated that enactingREAL ID would cost $100 million. However, the National Conference
ofState Legislatures said it cost states $500 million to $700 million.
Whatever the cost, Congress has not yet allocated any funds for theprogram.
EPIC's National ID Cards and REAL ID page:
http://epic.org/privacy/id_cards/
Text of H.R. 418, the Real ID Act:
http://thomas.loc.gov/cgi-bin/bdquery/z?d109:h.r.00418:
Letter from Bipartisan Senate Coalition on Need for Hearing:
http://www.epic.org/redirect/sen_frist.html
Letter from National Governors Association, American Association ofMotor Vehicle Administrators, National Conference of State Legislatures,Council
of State Governments urging rejection of REAL ID:
http://www.epic.org/redirect/govletid.html
[4] Study Shows Data Brokers' Files Error-Ridden, Acxiom Unresponsive
PrivacyActivism, a San Francisco-based privacy group, released a studyThursday showing that commercial data brokers Choicepoint and
Acxiommaintain files with significant errors. The study also showed thatAcxiom was unresponsive to a number of requests made by individualsattempting
to obtain their own dossiers.
In the study, 11 people requested their Choicepoint and Acxiom dossiers.
Although the sample size was small, the results showed significantproblems at both commercial data broker companies. All 11 participantswere
successful in obtaining their Choicepoint reports quickly, but allfound errors in their files. Of the sample, 73 percent found errors
inbasic biographical information in their Choicepoint reports, whichincludes name, date of birth, current address, and phone number.
Otherfields in the reports had errors too, such as length of residence atcurrent and past addresses, real property owned, purchase/sale
dates ofreal property. The group also found that three reports identifiedindividuals incorrectly as officers of corporations. Choicepointrecently
claimed that only .0008 percent of the company's backgroundchecks have incorrect information, according to the Wall Street Journal.
PrivacyActivism found that only six of the 11 requestors were able toobtain their dossiers from Acxiom. The six that did obtain their
reportshad to wait an average of 89 days after their requests to receive aresponse from Acxiom. At least one biographical information
error was in67 percent of the Acxiom reports. One Acxiom report identified anindividual by the incorrect gender.
PrivacyActivism study on Choicepoint and Acxiom:
http://www.privacyactivism.org/Item/222
EPIC's Choicepoint page:
http://www.epic.org/privacy/choicepoint/
[5] House Bill Would Turn SSN Into a National Identifier
EPIC Executive Director Marc Rotenberg testified before the HouseSubcommittee on Immigration, Border Security, and Claims on the "IllegalImmigration
Enforcement and Social Security Protection Act of 2005."
EPIC stated that the bill has significant flaws, among them are the lackof adequate privacy and security safeguards.
The bill requires Homeland Security to create a database containinginformation on employment eligibility, as well as information on
allcitizens and non-citizens living in the country legally. This wouldtransfer SSN record information from the Social Security Administrationto
the Department of Homeland Security, and would dramatically expandthe mission of DHS to include determining who is eligible to work
in theU.S.
The bill would require each citizen and non-citizen in the U.S. toprovide this new national identity card to each prospective employer.
Supporters of the bill deny that it will be used as a national ID card,and point a disclaimer in the bill stating: "This card shall
not be usedfor the purpose of identification." EPIC stated that employers, facingstiff penalties for hiring ineligible workers, likely
would use the SSNcard as a de facto identification card, no matter what disclaimer wasplaced onto the card.
EPIC testified that the SSN was never intended to be a nationalidentifier, and should not be used as such. The subcommittee was urgedto
limit the use of the Social Security Number, and to create strongsafeguards for this sensitive personal information.
EPIC's Testimony Before the House Subcommittee on Immigration, BorderSecurity, and Claims (pdf):
http://www.epic.org/privacy/ssn/51205.pdf
Text of H.R. 98: The Illegal Immigration Enforcement and Social SecurityProtection Act of 2005:
http://thomas.loc.gov/cgi-bin/bdquery/z?d109:h.r.00098:
View a Webcast of the May 12, 2005 Hearing:
http://judiciary.house.gov/hearings.aspx?ID=108
[6] News in Brief
EPIC Testifies in Senate on ID Theft and Data Broker IndustryEPIC Executive Director Marc Rotenberg testified before the SenateCommittee
on Commerce, Science and Transportation on identity theft andcommercial data brokers last week. EPIC highlighted the need for alegislative
response to the problem of commercial data brokers, such asLexisNexis, Choicepoint, and Acxiom, that house and exploit troves ofpersonal
information about individuals. EPIC recommended that theGramm-Leach-Bliley Act's Security Safeguards Rule should be applied todata
brokers, and the California data security breach notice law shouldbe extended to the federal level. EPIC also recommended passage
of S.
768, the Comprehensive Identity Theft Protection Act, which would limitthe purposes for which data brokers' information could be used,
andensure that individuals have a right to access and correct their files.
EPIC's Testimony Before the Senate Committee (pdf):
http://epic.org/privacy/id_cards/testimony50905.pdf
View a Webcast of the May 10, 2005 Hearing:
http://commerce.senate.gov/hearings/witnesslist.cfm?id=1491
EPIC's Choicepoint Page:
http://epic.org/privacy/choicepoint/Air Travelers Stripped Bare With X-ray MachineThe Transportation Security Administration plans to introduce "virtualstrip search"
X-ray machines at select U.S. airports later this year.
The controversial systems, which are already used at by U.S customsagents at 12 airports to screen passengers suspected of carrying
drugs,will scan general air travelers. Security workers using the $100,000refrigerator-size machines can see through clothes and
show images of aperson's nude body. The machines use "backscatter" technology, whichbounces low-radiation X-rays off of a passenger
to produce photo-qualityimages of metal, plastic and organic materials underneath clothes. TSAhas not announced when or where it
will test the machines.
EPIC's Air Travel Privacy page:
http://www.epic.org/privacy/airtravel/
Survey: U.S. Employers Likely To Monitor, Use Surveillance SystemsA survey of 526 U.S. companies found that 75 percent of companiesmonitor
workers' Web site connections, 50 percent store and reviewemployees' computer files, and 55 percent review e-mail messages. Thereport
by the American Management Association and the ePolicy Institutealso found that 51 percent of the companies surveyed use videomonitoring,
up from 33 percent in 2001. Of the organizations thatmonitor their employees, 80 percent inform workers that the company ismonitoring
content, keystrokes and time spent at the keyboard; 82percent notify employees that the company stores and reviews computerfiles;
86 percent alert employees to e-mail monitoring; and 89 percentnotify employees that their Web usage is being tracked.
AMA and ePolicy's 2005 Electronic Monitoring & Surveillance Survey:
http://www.amanet.org/press/amanews/ems05.htm
EPIC's Workplace Privacy page:
http://www.epic.org/privacy/workplace/
Students Build Database on a Shoestring, Public RecordsComputer science graduate students with $50 and a tight timeline wereable to
create databases rich with personal information from legal,publicly available databases. Student groups, led by Johns HopkinsUniversity
Professor Aviel Rubin, obtained more than 1 million records,including death records, property tax information, campaign donations,phone
books, and business permits. Mr. Rubin and his students wereprofiled recently by the New York Times, along with the work of BettyOstergren,
the "Virginia Watchdog," who has found the Social Securitynumbers of prominent officials, including Colin Powell and Porter Goss,in
public records.
New York Times Article on the Johns Hopkins Students:
http://www.epic.org/redirect/nytjohns.html
The Virginia Watchdog, Betty "BJ" Ostergren:
http://www.opcva.com/watchdog
EPIC's Social Security Numbers page:
http://www.epic.org/privacy/ssn/
Some U.S. Visitors Must Have High-tech Passports in JuneCitizens from the 27 "visa-waiver" countries must have machine-readablepassports
by June 26 or they could be denied entry into the U.S. Anyairline, cruise ship or other transportation carrier that allows avisa-waiver
citizen to travel without a machine-readable passport willbe fined $3,300 per person. People with immediate travel plans whocannot
obtain a machine-readable passport in time should apply for aU.S. visa. The Department of Homeland Security said the machine-readablepassports
will speed the customs process for travelers. This deadline isdifferent from the October 2005 deadline that the State Department
hasset for the 27 visa waiver countries to obtain passports containingbiometric data.
State Department's Visa Waiver Program page:
http://travel.state.gov/visa/temp/without/without_1990.html
EPIC's Air Travel Privacy page:
http://www.epic.org/privacy/airtravel/
Homeland Security Seeks More Data on EuropeansDepartment of Homeland Security Secretary Michael Chertoff announcedthis week that the
United States would seek additional information fromEuropean leaders about European air passengers heading to the UnitedStates. The
United States and Europe currently have in place anagreement that permits the transfer of European passenger data. ManyEuropean political
leaders believe this violates European privacy laws.
The European Parliament has brought a legal challenge against thecurrent policy.
Department of Homeland Security http://www.dhs.gov
EPIC's Passenger Profiling page http://www.epic.org/privacy/airtravel/profiling.html
[7] EPIC Bookstore: Jensen & Draffan's "Welcome to the Machine"
Derrick Jensen & George Draffan, Welcome to the Machine: Science,Surveillance, and the Culture of Control, (Chelsea Green Publishing
Co.
2004)
http://powells.com/cgi-bin/biblio?inkey=62-1931498520-0
"In their new collaboration for the "Politics of the Living" series,Derrick Jensen and George Draffan reveal the modern culture of
themachine, where corporate might makes technology right, government moneyfeeds the greed for mad science, and absolute surveillance
leads toabsolute control
--
and corruption. Through meticulous research andfiercely personal narrative, Jensen and Draffan move beyond journalismand exposé to
question our civilization’s very mode of existence.
Welcome to the Machine defies our willingness to submit to theinstitutions and technologies built to rob us of all that makes ushuman
--
our connection to the land, our kinship with one another, ourplace in the living world."
EPIC Publications:
"Privacy & Human Rights 2004: An International Survey of Privacy Lawsand Developments" (EPIC 2004). Price: $35.
http://www.epic.org/bookstore/phr2004
This survey, by EPIC and Privacy International, reviews the state ofprivacy in more than sixty countries around the world. The surveyexamines
a wide range of privacy issues including data protection,passenger profiling, genetic databases, video surveillance, ID systemsand
freedom of information laws.
"FOIA 2004: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004).
Price:
$40. http://www.epic.org/bookstore/foia2004
This is the standard reference work covering all aspects of theFreedom of Information Act, the Privacy Act, the Government in theSunshine Act, and the Federal Advisory Committee Act. The 22ndedition fully updates the manual
that lawyers, journalists andresearchers have relied on for more than 25 years. For those wholitigate open government cases (or
need to learn how to litigatethem), this is an essential reference manual.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook
This resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS).
Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, as well as recommendations and
proposalsfor future action, as well as a useful list of resources and contactsfor individuals and organizations that wish to become
more involved inthe WSIS process.
"The Privacy Law Sourcebook 2003: United States Law, InternationalLaw, and Recent Developments," Marc Rotenberg, editor (EPIC 2003).
Price: $40. http://www.epic.org/bookstore/pls2003
The "Physicians Desk Reference of the privacy world." An invaluableresource for students, attorneys, researchers and journalists
who needan up-to-date collection of U.S. and International privacy law, aswell as a comprehensive listing of privacy resources.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0
A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens
free expression.
"The Consumer Law Sourcebook 2000: Electronic Commerce and the GlobalEconomy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls
The Consumer Law Sourcebook provides a basic set of materials forconsumers, policy makers, practitioners and researchers who areinterested
in the emerging field of electronic commerce. The focus ison framework legislation that articulates basic rights for consumersand
the basic responsibilities for businesses in the online economy.
"Cryptography and Liberty 2000: An International Survey of EncryptionPolicy," Wayne Madsen and David Banisar, authors (EPIC 2000).
Price:
$20. http://www.epic.org/bookstore/crypto00&
EPIC's third survey of encryption policies around the world. Theresults indicate that the efforts to reduce export controls on strongencryption
products have largely succeeded, although severalgovernments are gaining new powers to combat the perceived threats ofencryption
to law enforcement.
EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore
"EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html
EPIC also publishes EPIC FOIA Notes, which provides brief summariesof interesting documents obtained from government agencies under
theFreedom of Information Act.
Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes
[8] Upcoming Conferences and EventsSixth Annual Institute on Privacy Law: Data Protection - The Convergenceof Privacy & Security. May 23-24, 2005. Atlanta, Ga. For
moreinformation:
http://www.pli.edu/product/program_detail.asp?ptid=511&stid=3&id=
EN00000000019985
Debating REAL ID: A New National Driver's License? Center for AmericanProgress. May 26, 2005. Washington, DC. For more information:
http://www.americanprogress.org/site/apps/nl/content3.asp?c=biJRJ8OVF&b=
616855&content_id={3FD4782D-1E53-4440-ADF8-6E7DF0CF851C}¬oc=1
SEC2005: Security and Privacy in the Age of Ubiquitous Computing.
Technical Committee on Security & Protection in Information ProcessingSystems with the support of Information Processing Society of
Japan.
May 30-June 1, 2005. Chiba, Japan. For more information:
http://www.sec2005.org.
Sixth Annual Institute on Privacy Law: Data Protection - The Convergenceof Privacy & Security. June 6-7, 2005. San Francisco, CA.
For moreinformation: http://www.pli.edu/
Sixth Annual Institute on Privacy Law: Data Protection - The Convergenceof Privacy & Security. June 20-21, 2005. New York, NY. For
moreinformation: http://www.pli.edu/
Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
July 11-15, 2005. Luxembourg City, Luxenbourg. For more information:
http://www.icann.org.
3rd International Human.SocietyInternet Conference. July 27-29,
2005. Tokyo, Japan. For more information: http://hsi.itrc.net.
PEP05: UM05 Workshop on Privacy-Enhanced Personalization. July 2005.
Edinburgh, Scotland. For more information:
http://www.ics.uci.edu/~kobsa/PEP05.
Access to Information: Analyzing the State of the Law. RileyInformation Services. September 8, 2005. Ottawa, Ontario. For moreinformation:
http://www.rileyis.com/seminars/
5th Annual Future of Music Policy Summit. Future of Music Coalition.
September 11-13, 2005. Washington DC. For more information:
http://www.futureofmusic.org/events/summit05/index.cfm.
6th Annual Privacy and Security Workshop. Centre for Innovation Law andPolicy (University of Toronto) and the Center for Applied CryptographicResearch
(University of Waterloo). November 3-4, 2005. University ofToronto. For more information:
http://www.cacr.math.uwaterloo.ca/conferences/2005/psw/announcement.html
The World Summit on the Information Society. Government of Tunisia.
November 16-18, 2005. Tunis, Tunisia. For more information:
http://www.itu.int/wsis.
Internet Corporation For Assigned Names and Numbers (ICANN) Meeting.
November 30-December 4, 2005. Vancouver, Canada. For moreinformation: target="new">http://www.icann.org.
Subscription Information
Subscribe/unsubscribe via web interface:
target="new">https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news
Back issues are available at:
http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or
share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do
not enhance (linkto other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under"subscription
information."
About EPIC
The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus
public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord
privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Actlitigation, and conducts policy research. For more information,
seehttp://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248(fax).
If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible.
Checks should be made out to "EPIC" and sent to 1718Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you cancontribute
online at:
http://www.epic.org/donate
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation
ofencryption and expanding wiretapping powers.
Thank you for your support.
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2005/11.html