You are here:
WorldLII >>
Databases >>
EPIC Alert >>
2006 >>
[2006] EPICAlert 13
Database Search
| Name Search
| Recent Articles
| Noteup
| LawCite
| Help
EPIC Alert 13.13 [2006] EPICAlert 13
EPIC ALERT
Volume 13.13 June 30, 2006
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_13.13.html
Table of Contents
[1] Government Program Probes Financial Records
[2] EPIC Opposes Photo ID Requirements for Voting
[3] Lawmakers, Industry, Call for Federal Privacy Law
[4] FTC Calls for Open Access to WHOIS
[5] Experts Find Wiretaps Weaken Security
[6] News in Brief
[7] EPIC Bookstore: Vernor Vinge's "Rainbows End"
[8] Upcoming Conferences and Events
[1] Government Program Probes Financial Records
Government officials confirmed last week that the Bush administrationhas been secretly examining banking transactions of thousands
ofAmericans and others. The official confirmations followed news reportsthat revealed the program, the latest in a series of secret
surveillanceprograms conducted by the government. News reports previously revealedthat the National Security Agency was eavesdropping
on Americans' phonecalls and collecting domestic phone records without warrants.
The program, begun after the Sept. 11, 2001 attacks, is run by the CIAand overseen by the Treasury Department. The government used
broad,secret subpoenas to review transactions from Brussels-based bankingconsortium Society for Worldwide Interbank Financial Telecommunications(SWIFT),
which routes information among 7,800 financial institutions inmore than 200 countries.
London-based Privacy International has filed complaints with dataprotection and privacy regulators in 33 European countries againstSWIFT.
Privacy International contends that SWIFT acted "without regardto legal process under Data Protection law when it secretly provided
theTreasury Department with confidential banking transactions of thousandsof international customers. SWIFT's actions are also being
scrutinizedby the Belgian government, which is investigating the legality of thesecret transactions.
President Bush and others in his administration are attacking newspapersfor reporting about and investigating recently discovered
secretsurveillance programs. He claimed that such news reports helpedterrorists by publicizing that their financial transactions
were beingwatched. However, Bush already announced this intention to terroriststwo weeks after the Sept. 11, 2001, attacks. On Sept.
24, 2001, Bushsaid, "We're putting banks and financial institutions around the worldon notice -- we will work with their governments,
ask them to freeze orblock terrorists' ability to access funds in foreign accounts."
Treasury Department Press Release Confirming Secret Program:
http://www.treasury.gov/press/releases/js4332.htm
SWIFT Press Release Explaining Program:
http://www.swift.com/index.cfm?item_id=59897
Privacy International Press Release Describing Complaints:
http://www.epic.org/redirect/pi_finance_release.html
European Union Data Protection Laws:
http://ec.europa.eu/justice_home/fsj/privacy/law/index_en.htm
EPIC's Domestic Surveillance Resources Page:
http://www.epic.org/features/surveillance.html
EPIC's "Privacy Law Sourceboook," explaining U.S. and internationallaws:
http://www.epic.org/bookstore/pls/2004/
[2] EPIC Opposes Photo ID Requirements for Voting
The House Committee on Administration held a hearing on a proposal torequire newly registered voters to produce proof of citizenship.
EPICprovided comments on the hearing, urging the Committee to address realthreats to election integrity. EPIC stated that there were
twoconditions that must be satisfied to meet the requirements of a free,fair, and democratic election: all those who are eligible
to vote mustbe allowed to do so, while those are not eligible must be prevented fromvoting. Violation of either of these two requirements
undermines theintegrity of a public election.
In its comments, EPIC stressed that the voter registration processshould determine voter eligibility, not an ad hoc process conducted
onthe day of the election. "The role of the poll worker is to authenticatevoters without consideration of their income, language
of origin,education, gender, race, or ethnicity," EPIC said.
EPIC also noted the difference between proving citizenship and provingvoter eligibility. For instance, documents that provide proof
ofcitizenship do not prove eligibility to vote: A passport that indicatesbirthplace, does not indicate whether the holder is currently
a residentof the community in which she wishes to vote. EPIC pointed out thatthere is no evidence, research or reporting to substantiate
the threatof illegal or ineligible voters' participation in public elections. EPICalso noted that the committee hearing did not address
the more pressingand proven problem of fraud in absentee ballots.
Increased voter registration requirements in the past have led to voterdisenfranchisement, EPIC said. Requiring voters to affirmatively
provethat they can vote, after they have already done so at registration,placed an unconstitutional burden upon voters. EPIC also
raised theconcern that policymakers seeking additional verification may imposeother identification requirements which would infringe
upon the validityof the secret ballot.
Administration Committee Hearing on Voting ID Requirements:
http://cha.house.gov/hearings/hearing.aspx?NewsID=1359
EPIC's Comments to the Committee (pdf):
http://www.epic.org/privacy/voting/voter_id-statement.pdf
EPIC's Voting Page:
http://www.epic.org/privacy/voting
National Committee for Voting Integrity:
http://votingintegrity.org/
[3] Lawmakers, Industry, Call for Federal Privacy Law
On June 16, Senator Hillary Rodham Clinton (D-NY) announced plans tointroduce comprehensive privacy legislation. At a meeting of theAmerican
Constitution Society, Clinton called for a "Privacy Bill ofRights" that would create privacy protections in the private sector,strengthen enforcement
of medical privacy laws, and ensure checks andbalances on government surveillance. Clinton criticized the current lackof privacy
protections in the United States, saying, "at all levels, theprivacy protections for ordinary citizens are broken, inadequate, andout
of date."
Clinton announced that her consumer protection proposals were to beincorporated in a bill known as the "Privacy Rights and Oversight
forElectronic and Commercial Transactions," or PROTECT, Act. The bill wouldprevent companies from sharing a person's personal information
unlessthe person had opted in to that sharing. It would also grant consumersthe right to freeze their credit, an effective means
of preventingidentity theft. Data brokers would have to grant consumers access totheir own records, and notify consumers if data
has been breached.
Violators would be subject to private suit, in a tiered system designedto insulate small businesses.
The proposed law also would increase the breadth and enforcement ofmedical privacy laws, which Clinton noted were extremely lax. Of
over35,000 privacy law complaints, "not a single, civil, monetary penaltyhas been imposed," she said. Clinton also criticized the
Bushadministration on its warrantless surveillance programs, calling forsurveillance programs to be reviewed by the legislative and
judicialbranches, to ensure the protection of privacy and civil liberties.
The PROTECT Act also creates a high-level privacy czar in the Office ofManagement and Budget, to oversee the federal government's
privacypractices. "We had a privacy czar during the Clinton Administration, butthe current administration shoes not to follow that
model," Clintonsaid.
In related news, Peter Swire, the former Clinton administration privacyczar, testified before a subcommittee of the House Energy and
CommerceCommittee on June 20, representing the Consumer Privacy LegislativeForum, a consortium of businesses also calling for federal
lawsregarding privacy and data security. The businesses called for a morelimited law that would grant consumers "reasonable" access
toinformation held about them, but that would preempt state law, likelystriking down stronger state protections. Executives fromHewlett-Packard
and eBay, members of the Forum, also testified, alongwith Dr. Thomas Lenard, of the Progress and Freedom Foundation, and EvanHendricks
of Privacy Times.
Representatives from both parties agreed that national legislation wasnecessary, but many remained concerned as to whether the companies'
planwould have effective enforcement. Representative Stearns (R-FL), Chairof the subcommittee, suggested that a private right of
action mightencourage compliance with the law and grant individual consumers anamount of redress. Representative Barton (R-TX), Chair
of the full HouseCommerce Committee, also appeared to support some form of a privateright, as did Representative Gonzalez (D-TX).
Representative Schakowsky(D-IL), Ranking Member of the subcommittee, also promoted the idea ofcreating a cross-agency privacy czar.
Senator Clinton's Press Release on Comprehensive Privacy Legislation:
http://clinton.senate.gov/news/statements/details.cfm?id=257234&&
Text of Senator Clinton's speech:
http://clinton.senate.gov/news/statements/details.cfm?id=257288&&
Consumer Privacy Legislative Forum Statement on Federal PrivacyLegislation (pdf):
http://www.cdt.org/privacy/20060620cplstatement.pdf
Testimony of Prof. Peter Swire, on behalf of the Consumer PrivacyLegislative Forum (pdf):
http://www.epic.org/redirect/swire_test.html
EPIC's Privacy and Preemption page:
http://www.epic.org/privacy/preemption/
[4] FTC Calls for Open Access to WHOIS
At the annual meeting of the Internet Corporation for Assigned Names andNumbers (ICANN), U.S. Federal Trade Commissioner Jonathan
Leibowitzcalled for open access to the WHOIS database, as part of the FTC's fightagainst online fraud. WHOIS allows the public to
view the name andpersonal information of any domain name holder. In order to protecttheir privacy, many domain name holders register
through a proxyservice, so that users can contact them via the proxy while theirpersonal information remains protected.
At the Marrakech meeting of the domain name authority, Leibowitz notedthat the database helps law enforcement track down spyware,
spam, andInternet fraud. However, the commissioner also stated that the WHOISdatabase "is most useful when it is accurate." Ensuring
accuracy inWHOIS, however, threatens the ability of users to engage in anonymousfree speech online. Recently, the U.S. National Telecommunications
andInformation Administration prohibited registrars of domain names endingin ".US" from offering proxy services. (EPIC filed a "friend
of thecourt" brief supporting a challenge to this policy in April.)
Leibowitz also criticized ICANN's vote in April to define the purpose ofthe WHOIS database narrowly. The adopted definition stated
that WHOISshould be used to allow users to contact domain name holders to resolve"issues related to the configuration of the records
associated with thedomain name within a DNS nameserver." Leibowitz worried that adefinition of WHOIS that did not include law enforcement
as a purposefor the database would hamper law enforcement access to the personalinformation of domain name holders.
The commissioner did acknowledge, however, that enforcement can continueeven without accurate data, citing cases where the FTC was
able to trackdown fraudsters who had used obviously phony names. Others at themeeting also noted that the existing definition of
the purpose of WHOISdoes not mean that WHOIS data will be removed from public access.
FTC Press Release on WHOIS Access (with link to Leibowitz statement):
http://www.ftc.gov/opa/2006/06/icann.htm
Communique of ICANN's Governmental Advisory Committee (pdf):
http://gac.icann.org/web/communiques/gac25com.pdf
EPIC's WHOIS page:
http://www.epic.org/privacy/whois/
EPIC's Peterson v. NTIA page:
http://www.epic.org/privacy/peterson/
[5] Experts Find Wiretaps Weaken Security
According to a report by the Information Technology Association ofAmerica, attempts to create wiretap-friendly Internet and VoIP serviceswill
build security vulnerabilities into the services. This reportfollows a recent ruling by the D.C. Circuit Court of Appeals thatrequires
broadband and VoIP providers to build systems that thegovernment can wiretap easily. However, technology experts say that thisrequires
either a massive change in Internet infrastructure, or theintroduction of serious security risks.
The report notes that, unlike the traditional phone system, thedecentralized nature of the Internet makes it extremely difficult,
ifnot impossible, to simply extract the desired information from Internetrouters. Doing so would require the restructuring of "a
very largeportion of the routing infrastructure." Other dangers include the easeof accidentally intercepting innocent parties' communications;
creatingeavesdropping systems that could be readily co-opted by bad actors; andthe detection or possible interception of the transmission
to the lawenforcement agency itself. Technical hurdles included the relative lackof physical security surrounding Internet routing
equipment, as well asthe ease with which identities can change on the Internet.
The report, authored by a group of technology and network experts,outlines the technical dangers to applying the Communications Assistancefor
Law Enforcement Act (CALEA) to Internet services. CALEA was createdin 1994, when law enforcement agencies grew concerned that thedevelopment
of wireless and other telephone technologies would hampertheir ability to wiretap phone calls. CALEA required telephone companiesto
build systems that the government could wiretap easily, but,recognizing the differences between telephone service and Internetservices,
Congress did not apply the law to "information services." Arecent ruling, however, upheld the Federal Communications Commission'sextension
of CALEA to VoIP services and broadband.
ITAA Report (pdf):
http://www.itaa.org/news/docs/CALEAVOIPreport.pdf
Opinion in ACE v FCC (pdf):
http://www.epic.org/privacy/wiretap/ace_v_fcc.pdf
EPIC's Wiretap page:
http://www.epic.org/privacy/wiretap/
[6] News in Brief
EPIC Opposes D.C. Police's Proposed Expansion of CCTV SystemIn comments to the Metropolitan Police Department, EPIC opposed aproposed
pilot project that would expand the District's limited systemto a system of constant, surreptitious surveillance of the public.
However, if the project goes forward, EPIC urged the MPD not to changeits public notification standards. As proposed, the new regulationswould
allow the police chief to install and maintain a system of secretvideo cameras without informing the public. Also, EPIC urged the
MPD toset clear, objective standards for evaluating the success of theexpanded system.
EPIC's comments (pdf):
http://www.epic.org/privacy/surveillance/cctvcom062906.pdf
Metropolitan Police Department's site:
http://mpdc.dc.gov/
EPIC's Video Surveillance page:
http://www.epic.org/privacy/surveillance/Stolen Veterans Affairs Laptop and Hard Drive Are FoundThe stolen laptop computer and hard drive containing sensitive data forup to
26.5 million veterans, their spouses, and active-duty militarypersonnel have been found, according to Veterans Affairs Secretary
JimNicholson. This comes as newly discovered documents show that VeteransAffairs had given permission in 2002 for the analyst, from
whom theequipment was stolen, to work from home with data that included millionsof Social Security numbers, disability ratings and
other personalinformation. Agency officials previously said the analyst was firedbecause he violated agency procedure by taking the
data home.
EPIC's Veterans Affairs page:
http://www.epic.org/privacy/vatheft/default.html
Department of Veterans Affairs site:
http://www.va.gov/AT&T Privacy Policy Claims Control over Customers' InfoA new privacy policy unveiled for AT&T's Internet TV offerings claimsthat
customers' personal information belongs to the company. "While yourAccount information may be personal to you, there records constitutebusiness
records that are owned by AT&T, " the policy stated. The policyalso notes that information on users' browsing and viewing habits
willbe recorded. The disclosure of such information by cable companies tothird parties is prohibited by the Cable Communications
Policy Act.
However, it is unlikely that the Act would apply to an Internet providerlike AT&T.
AT&T's Privacy Policy for AT&T Yahoo! and Video Services:
http://support.sbcglobal.net/article.php?item=574
Cable Communications Policy Act, Section 551:
http://www.epic.org/redirect/ccpa.htmlJustice Department Considers Data Retention PlanThe U.S. Department of Justice met with representatives of technologycompanies and
privacy organizations to discuss its Internet dataretention plans. These plans would require Internet service providers tostore all
user records so that law enforcement can later examine themfor evidence of wrongdoing. The data retention scheme is being presentedas
part of an initiative to combat child pornography. The JusticeDepartment has not provided details on this plan, nor has it stated
whythe drastic step of retaining every user's records is necessary.
EPIC's Data Retention Page:
http://www.epic.org/privacy/intl/data_retention.htmlStudy Finds Yahoo's China Filters Most RestrictiveA study released by Reporters Without Borders revealed that, of varioussearch engines
operating in China, Yahoo's filters removed the mostinformation from search results. China severely restricts access toInternet information,
employing filters that block dissident materialfrom being viewed. The study compared the results returned from searchengines Yahoo,
Google, MSN, and local competitor Baidu when researcherssearched for material on topics like "Tibet Independence," "democracy,"
and "human rights." Yahoo and Baidu were also found to prevent users whosearched for such topics from conducting any additional searches,
evenon neutral topics, for an hour.
Reporters Without Borders Study:
http://www.rsf.org/article.php3?id_article=18015
[7] EPIC Bookstore: Vernor Vinge's "Rainbows End"
Vernor Vinge. Rainbows End. Tor Books, 2006.
http://www.powells.com/partner/24075/biblio/1-0312856849-0
"Robert Gu is a recovering Alzheimer's patient. The world that heremembers was much as we know it today. Now, as he regains his facultiesthrough
a cure developed during the years of his near-fatal decline, hediscovers that the world has changed and so has his place in it.
...
With knowledge comes risk. When Robert begins to re-train at FairmontHigh, learning with other older people what is second nature
to Miri andother teens at school, he unwittingly becomes part of a wide-rangingconspiracy to use technology as a tool for world domination.
In a world where every computer chip has Homeland Security built-in,this conspiracy is something that baffles even the most sophisticatedsecurity
analysts, including Robert's son and daughter-in law, two toppeople in the U.S. military. And even Miri, in her attempts to protecther
grandfather, may be entangled in the plot.
As Robert becomes more deeply involved in conspiracy, he is shocked tolearn of a radical change planned for the UCSD Geisel Library;
all thebooks there, and worldwide, would cease to physically exist. He and hisfellow re-trainees feel compelled to join protests
against the change.
With forces around the world converging on San Diego, both theconspiracy and the protest climax in a spectacular moment as unique
andsatisfying as it is unexpected. This is science fiction at its verybest, by a master storyteller at his peak."
EPIC Publications:
"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html
This clear, comprehensive introduction to the field of informationprivacy law allows instructors to enliven their teaching of fundamentalconcepts
by addressing both enduring and emerging controversies. TheSecond Edition addresses numerous rapidly developing areas of privacylaw,
including: identity theft, government data mining,and electronicsurveillance law, the Foreign Intelligence Surveillance Act,intelligence
sharing, RFID tags, GPS, sypware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundationfor an exciting course in this rapidly evolving area of law.
"Privacy & Human Rights 2004: An International Survey of Privacy Lawsand Developments" (EPIC 2004). Price: $50.
http://www.epic.org/bookstore/phr2004
This annual report by EPIC and Privacy International provides anoverview of key privacy topics and reviews the state of privacy in
over60 countries around the world. The report outlines legal protections,new challenges, and important issues and events relating
to privacy.
Privacy & Human Rights 2004 is the most comprehensive report on privacyand data protection ever published.
"FOIA 2004: Litigation Under the Federal Open Government Laws," HarryHammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004).
Price:
$40.
http://www.epic.org/bookstore/foia2004
This is the standard reference work covering all aspects of the Freedomof Information Act, the Privacy Act, the Government in the Sunshine Act,and the Federal Advisory Committee Act. The 22nd edition fully updatesthe manual
that lawyers, journalists and researchers have relied on formore than 25 years. For those who litigate open government cases (orneed
to learn how to litigate them), this is an essential referencemanual.
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit onthe Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook
This resource promotes a dialogue on the issues, the outcomes, and theprocess of the World Summit on the Information Society (WSIS).
Thisreference guide provides the official UN documents, regional andissue-oriented perspectives, and recommendations and proposals
forfuture action, as well as a useful list of resources and contacts forindividuals and organizations that wish to become more involved
in theWSIS process.
"The Privacy Law Sourcebook 2004: United States Law, International Law,and Recent Developments," Marc Rotenberg, editor (EPIC 2005).
Price:
$40.
http://www.epic.org/bookstore/pls2004/
The Privacy Law Sourcebook, which has been called the "Physician's DeskReference" of the privacy world, is the leading resource for
students,attorneys, researchers, and journalists interested in pursuing privacylaw in the United States and around the world. It
includes the fulltexts of major privacy laws and directives such as the Fair CreditReporting Act, the Privacy Act, and the OECD Privacy
Guidelines, as wellas an up-to-date section on recent developments. New materials includethe APEC Privacy Framework, the Video Voyeurism
Prevention Act, and theCAN-SPAM Act.
"Filters and Freedom 2.0: Free Speech Perspectives on Internet ContentControls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0
A collection of essays, studies, and critiques of Internet contentfiltering. These papers are instrumental in explaining why filteringthreatens
free expression.
EPIC publications and other books on privacy, open government, freeexpression, crypto and governance can be ordered at:
EPIC Bookstore http://www.epic.org/bookstore
"EPIC Bookshelf" at Powell's Bookshttp://www.powells.com/features/epic/epic.html
EPIC also publishes EPIC FOIA Notes, which provides brief summaries ofinteresting documents obtained from government agencies under
theFreedom of Information Act.
Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes
[8] Upcoming Conferences and Events
7th Annual Institute on Privacy Law: Evolving Laws and Practices in aSecurity-Driven World. Practising Law Institute. June 19-20,
New York,New York. July 17-18, Chicago, Illinois. Live webcast available. Formore information:
www.pli.edu
identitymashup: Who Controls and Protects the Digital Me? Berkman Centerfor Internet & Society, Harvard Law School. June 19-21,
2006. Cambridge,Massachusetts. For more information:
http://www.identitymash-up.org/
Call for papers for Identity and Identification in a Networked World.
Submissions due by July 5. New York University. Symposium on September29-30, 2006. New York, New York. For more information:
http://www.easst.net/node/976
Infosecurity New York. Reed Exhibitions. September 12-14, 2006. NewYork, New York. For more information:
http://www.infosecurityevent.com
34th Research Conference on Communication, Information, and InternetPolicy. Telecommunications Policy Research Conference. September29-October
1, 2006. Arlington, Virginia. For more information:
http://www.tprc.org/TPRC06/2006.htm
6th Annual Future of Music Policy Summit. Future of Music Coalition.
October 5-7, 2006. Montreal, Canada. For more information:
http://www.futureofmusic.org/events/summit06/
The IAPP Privacy Academy 2006. International Association of PrivacyProfessionals. October 18-20, 2006. Toronto, Ontario, Canada. For
moreinformation:
www.privacyassociation.org
International Conference on Privacy, Security, and Trust (PST 2006).
University of Ontario Institute of Technology. October 20-November 1,
2006. Markham, Ontario, Canada. For more information:
http://www.businessandit.uoit.ca/pst2006/
BSR 2006 Annual Conference. Business for Social Responsibility. November7-10, 2006. New York, New York. For more information:
http://www.bsr.org/BSRConferences/index.cfm
CFP2007: Computers, Freedom, and Privacy Conference. Association forComputing Machinery. May 2007. Montreal, Canada. For more information:
http://www.cfp2007.org
Subscription Information
Subscribe/unsubscribe via web interface:
https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news
Back issues are available at:
http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and tosend notices about EPIC activities. We do not sell, rent or
share ourmailing list. We also intend to challenge any subpoena or other legalprocess seeking access to our mailing list. We do
not enhance (link toother databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail addressfrom this list, please follow the above instructions under "subscriptioninformation."
About EPIC
The Electronic Privacy Information Center is a public interest researchcenter in Washington, DC. It was established in 1994 to focus
publicattention on emerging privacy issues such as the Clipper Chip, theDigital Telephony proposal, national ID cards, medical record
privacy,and the collection and sale of personal information. EPIC publishes theEPIC Alert, pursues Freedom of Information Act litigation, and conductspolicy research. For more information, see http://www.epic.org or writeEPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy InformationCenter, contributions are welcome and fully tax-deductible.
Checksshould be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,Suite 200, Washington, DC 20009. Or you can contribute
online at:
http://www.epic.org/donate
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for the rightof privacy and efforts to oppose government regulation
of encryption andexpanding wiretapping powers.
Thank you for your support.
.
WorldLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2006/13.html
