WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 2008 >> [2008] EPICAlert 14

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 15.14 [2008] EPICAlert 14

E P I C A l e r t


Volume 15.14                                             July 11, 2008
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_15.14.html


Table of Contents
[1] EPIC Obtains Settlement with FTC Regarding Google Merger Review
[2] EPIC Testifies in Senate on Passport Record Privacy
[3] Google's Data Retention Policy Permits Release of Users' History
[4] Senate Capitulates, Warrantless Wiretapping Law Enacted
[5] Patient Privacy Toolkit Helps Citizens Protect Their Medical Records
[6] News in Brief
[7] EPIC Bookstore: Understanding Privacy by Daniel Solove
[8] Upcoming Conferences and Events - Subscription Information - Privacy Policy - About EPIC - Donate to EPIC http://www.epic.org/donate - Support Privacy '08 http://www.privacy08.org


[1] EPIC Obtains Settlement with FTC Regarding Conflict of Interest

EPIC has settled a Freedom of Information Act lawsuit with the Federal Trade Commission involving the FTC's review of the Google-Doubleclick merger and a conflict of interest that arose from the participation of the Washington law firm Jones Day. The FTC has turned over to EPIC several documents concerning the conflict of interest in the case and also provided attorneys fees to EPIC to settle the case.

In early December 2007, EPIC learned of a conflict of interest in the Google-Doubleclick merger review involving Federal Trade Commission (FTC) Chairman Deborah Platt Majoras and the Jones Day law firm. On December 12, 2007, Jones Day's web site stated that "Jones Day is advising DoubleClick, Inc., the digital marketing technology provider, on the international and U.S. antitrust and competition law aspects of its planned $3.1 billion acquisition by Google, Inc. [...] The transaction is currently under review by the U.S. Federal Trade Commission and European Commission." Chairman Majoras is a former partner of Jones Day. Chairman Majoras' spouse, John M. Majoras, is a current Jones Day partner, "the Firm's global coordinator of competition law litigation," "the Partner-in-Charge of business development in the Washington, D.C. Office" and "a member of the Firmwide Business Development Committee."

On December 12, 2007, EPIC filed a formal complaint with the Secretary of the Commission requesting that Chairman Majoras recuse herself from the FTC's review of the Google-Doubleclick merger. Subsequent to the filing of the recusal petition by EPIC, the page on the Jones Day web site that indicated that the firm was representing Doubleclick on the "U.S. antitrust and competition law aspects" of the merger review by the "U.S. Federal Trade Commission" was removed. The web page has never been re-posted. In its formal complaint, EPIC noted that Chairman Majoras previously recused herself in antitrust matters pending before the FTC when there were similar conflicts of interest with Jones Day. Chairman Majoris refused to recuse herself and the merger was approved.

EPIC then filed Freedom of Information Act requests with the FTC for agency records that directly relate to Chairman Majoras' conflict of interest in the Commission's Google-Doubleclick merger review. On July 8, EPIC obtained documents detailing former FTC Chairman Deborah Platt Majoras' conflict of interest in the Google-Doubleclick merger review. A July 17, 2007 memorandum obtained by EPIC flatly contradicts Majoras' claim that "no one at the FTC" knew of the conflict "until the afternoon of Tuesday, December 11, 2007."

"The documents obtained by EPIC about the Google-Doubleclick deal raise new questions about the adequacy of the FTC's merger review," said Marc Rotenberg, EPIC Executive Director. "We believe that the Office of Government Ethics and the Congressional oversight committees need to begin a formal investigation. If wrongdoing is found, the merger may need to be reopened." Mr. Rotenberg continued, "Ethics in government will be a critical issue for the next Administration. The American people have the right to know whether the Presidential candidates are satisfied with the FTC's handling of the Google-Doubleclick merger review."

EPIC web page - EPIC v. Federal Trade Commission, Conflict of Interest in Google-Doubleclick Merger Review:

http://epic.org/privacy/ftc/foia/

EPIC web page - Privacy? Proposed Google/DoubleClick Deal:

http://epic.org/privacy/ftc/google/

Petition for Chairman Majoras' recusal (pdf):

http://www.epic.org/privacy/ftc/google/recusal_121207.pdf

FTC Statement Regarding Recusal Petition for Review of Proposed Acquisition of DoubleClick, Inc. By Google, Inc.:

http://www.ftc.gov/opa/2007/12/google.shtm


[2] EPIC Testifies in Senate on Passport Record Privacy

EPIC Executive Director Marc Rotenberg testified before the Senate Judiciary Committee on July 10, 2008 on "Passport Files: Privacy Protection Needed for Americans." The hearing followed reports that private contractors working for the State Department snooped through the Passport files of Presidential candidates, celebrities, and others.

At a July 10, 2008 hearing, EPIC urged the Senate Judiciary Committee to implement strong safeguards for all Americans' passport information. EPIC recommends limiting employee and contractor disclosures, increasing accounting requirements, and the creation of an independent privacy agency. Further, EPIC states that the State Department should be more open about its information security practices. Finally, EPIC supports passage of S. 495, the Personal Data Privacy and Security Act. The Committee Hearing follows the Office of Inspector General's (OIG) release of a heavily redacted report prompted by the highly publicized breaches of 3 U.S. Senators' electronic passport files.

The internal watchdog of the State Department "found many
[institutional] control weaknesses relating to the prevention and detection of unauthorized access to passport and applicant information" and the subsequent disciplinary response. Only 6 of 22 recommendations were not completely redacted. The OIG used vague language, like "consider", "determine the feasibility of", and "evaluate" to recommend that the State Department implement comprehensive strategies to those weaknesses. The report also recommended assessments of existing security controls, the provision of in-house breach notification, and the extension of authorized access policies to other agencies. In a limited review of 150 high-profile people's passport files, the report found that 127 of 150 prominent figures' files were accessed at least once; 42 files were viewed at least 26 times. During this election season, contractors breached the passport files of Senators McCain, Obama, and Clinton.

Senators Leahy and Specter called on the Department of Justice to launch criminal investigations without waiting for the State Department's internal review, contrary to Attorney General Mukasey's plan. On March 21, 2008, Secretary of State Rice apologized to the three Presidential candidates after media reports showed that three private contractors improperly accessed their confidential passport files. In 1992, then-Presidential candidate Bill Clinton fell victim to a similar breach.

Two Senate bills address issues inadequately discussed in the Inspector General's report. One bill specifically tackles the issues of breach notification and contractor relationships. Another bill expands criminal liability to include conspiracy, restitution, and forfeiture. Instead of requiring concrete action, the heavily redacted report merely suggests that the State Department consider and evaluate potential programs to ensure individuals' privacy.

The unauthorized access of Americans' passport files containing personally identifiable information could easily lead to identity theft. The breach of Presidential candidates' files clearly has implications during this important election year. The lack of institutional control over access to sensitive data, especially by contractors, is troubling.

EPIC's Senate Testimony (pdf):

http://epic.org/privacy/travel/pass/senate071008.pdf

EPIC page on Passport Privacy:

http://epic.org/privacy/travel/pass/default.html

EPIC page on Identity Theft:

http://epic.org/privacy/dv/identity_theft.html

State Department's Inspector General Recommendations (pdf):

http://www.govexec.com/pdfs/070308n2.pdf

Personal Data Privacy and Security Act of 2007:

http://thomas.loc.gov/cgi-bin/bdquery/z?d110:S.495:

Identity Theft Enforcement and Restitution Act of 2007:

http://thomas.loc.gov/cgi-bin/bdquery/z?d110:S.2168:


[3] Google's Data Retention Policy Permits Release of Users' History

On July 2, 2008, a New York court granted a motion to compel production of "all data from the Logging database concerning each time a YouTube video has been viewed on the YouTube website or through embedding on a third-party website". The owner of YouTube, Google, has defended its data retention policy claiming users' data is retained to improve the company's search services. Google ignored recommendations to amend its policies and discontinue retaining its' users personal information. In Viacom's copyright infringement suit, the court ordered Google to provide Viacom with data retained in their logging database. This includes each viewer's unique login ID and the Internet Protocol (IP) address for that viewer's computer. This ruling could affect Youtube users everywhere.

Viacom filed suit for the user's logging data claiming Youtube encourages users to upload significant amounts of pirated copyrighted shows. Google/Youtube contends this would, at a minimum, violate users' privacy. The court, however, claims privacy concerns are speculative. The court cited Google's own assertion that IP addresses of computers aren't personally revealing to justify its ruling. Privacy groups have long held that Google should not retain such identifiable information as IP addresses because the company could not control the release of such data. The court's order to release the data confirms EPIC's contentions. In addition, EPIC stated its concern of collecting personally identifiable data by search engines which leads to behavioral marketing and widespread public disclosure of personal information.

In response to privacy advocates' concerns arising from Google's failure to conspicuously post its privacy policy, the company added a privacy link to its home page. EPIC, along with other privacy advocates, urged Google to comply with California's privacy policy law and the "standard practice for commercial Web sites". Google added the privacy policy link on day 31 of EPIC's 30-day countdown of the California law notice deadline.

Justia Page on Viacom International, Inc. et al v. Youtube, Inc. et al:

http://epic.org/redirect/justia_viacom_youtube.html

Judge Order for Release of Documents (pdf):

http://epic.org/redirect/viacom_youtube.html

EPIC page on Search Engine Privacy:

http://epic.org/privacy/search_engine/

Privacy link on Google.com:

http://epic.org/redirect/google_privacylink.html

Letter from Privacy Groups to Google (June 3, 2008) (pdf):

http://epic.org/privacy/ftc/google/Google_Letter060308.pdf


[4] Senate Capitulates, Warrantless Wiretapping Law Enacted

On July 10, President Bush signed the FISA Amendments Act of 2008, thereby clearing the way for warrantless wiretapping by intelligence officers. A day earlier, the US Senate granted full legal immunity for telecommunications companies that participated in the White House's extrajudicial wiretapping program since 2001. President Bush threatened to veto the bill unless it immunized companies like AT&T and Verizon from lawsuits relating to their facilitation of the National Security Agency's domestic spying. American citizens have filed about 40 such lawsuits and alleged that the federal spy agency tapped their phones without a warrant, and that private telecom companies permitted the government to listen to calls without legal authorization.

On July 3, Judge Vaughn R. Walker, the chief judge presiding over the cases, released his ruling on one of the lawsuits, rejecting the Bush administration's legal justifications for the snooping program: "Whatever power the executive may otherwise have had in this regard,
[federal law] limits the power of the executive branch to conduct such activities." On the heals of this determination, a federal appeals court was set to rule on a number of other class action lawsuits against the telecom companies relating to their cooperation with the eavesdropping program. However, the Senate's passage of the immunity bill will likely force the closure of those cases. Senator Patrick Leahy argued that Congress' actions were "flying in the face" of judicial review established in Marbury v. Madison, and mean that courts can reach "no conclusive judgment on the president's program, ever, and thus no accountability." Senator Leahy further protested "stripping the Federal Courts of jurisdiction in cases which have been pending for over three years."

A proposal to strip retroactive immunity for telecom companies was defeated by a 66-32 vote. The proposal's sponsor, Connecticut Senator Chris Dodd, labeled the debate a "false dichotomy" between privacy and security, observing that, since 2004, the United States Foreign Intelligence Surveillance Court granted 18,761 warrants and rejected just 5.

An attempt to "substitute" the US government for the telecom companies was defeated by a vote of 61-37. The plan would have barred lawsuits against private companies, but allowed claims against the government agencies that ran the domestic spy program. The plan's author, Pennsylvania Senator Arlen Specter, called the immunity bill "a historical embarrassment," adding that the vast majority of senators voting on the bill had not read about the details of the program. Senator Specter also criticized his colleagues, suggesting that the continued classification of the program precluded an honest vote on immunity: "We don't know what we're voting on […] and we don't know what this program is, and yet we are granting retroactive immunity to the telecom companies." Finally, the Senate declined to delay action on the immunity decision until after the Inspectors General's final report on the President's surveillance program.

President Bush signs FISA Amendments Act of 2008:

http://www.whitehouse.gov/news/releases/2008/07/20080710-2.html

Ruling of Hon. Vaughn R. Walker in warrantless wiretapping lawsuit (pdf):

http://epic.org/redirect/vaughnwalker_wiretap.html

Senator Dodd's proposal to strip retroactive immunity:

http://thomas.loc.gov/cgi-bin/query/D?r110:1:./temp/~r1103uy6HM

Senator Specter's attempt to substitute the US government for the telecom companies:

http://thomas.loc.gov/cgi-bin/query/D?r110:4:./temp/~r110174sMt

Senator Bingaman's plan to delay action until the Inspectors General's final report is released:

http://thomas.loc.gov/cgi-bin/query/D?r110:3:./temp/~r110g85A0s

EPIC's web page on FISA:

http://epic.org/privacy/terrorism/fisa/


[5] Patient Privacy Toolkit Helps Citizens Protect Their Medical Records

In April 2008, 130,000 Wellpoint, Inc. customers learned that the health insurer disclosed their private medical records, including their social security numbers, on the Internet. This followed a virtually identical February breach that disclosed health information on the Internet regarding 71,000 people enrolled in Georgia public health programs. These breaches make clear that numerous privacy violations have exposed millions of Americans' medical information to criminals, identity thieves, and other prying eyes. Despite citizens' unambiguous desire to keep their medical information private, their wishes have been frustrated by these medical data breaches and a lack of easily available information about how citizens can protect themselves.

In an effort to make medical record privacy information more accessible to the public, Patient Privacy Rights, a non-profit group whose mission is to ensure that Americans control all access to their health records, created the Patient Privacy Toolkit. "The move to electronic health records, the lack of protection for personal health records, and the ineffectiveness of HIPPA can cause serious consequences for citizens, including discrimination against people with a genetic predisposition or a previous illness," said Katherine Johnson, the program and outreach coordinator of Patient Privacy Rights. The toolkit includes important information and documents, such as forms to opt out of the American Medical Association's database, a summary of health privacy laws in each state, and consent forms to request that a doctor only disclose medical information with the patient's consent. It is available for free on the Patient Privacy Rights website.

Congress is currently considering a bill on medical records privacy. The discussion draft of the bill includes breach notification similar to that in California, which would let citizens know if their records are breached. Congress recently invited EPIC to comment on the discussion draft. EPIC suggested additions, including a clear statement of Americans' right to privacy of their health records, incorporation of enhanced privacy protections for especially sensitive health information, establishment of a patients' right of action for individuals whose medical privacy is violated, and a requirement that companies take commonsense steps to secure electronic health information.

Patient Privacy Rights:

http://www.patientprivacyrights.org/

EPIC's Medical Records Privacy Site:

http://epic.org/privacy/medical/

EPIC's comments on the discussion draft on medical records privacy (pdf):

http://epic.org/privacy/medical/EPIC_HIT_060908.pdf

Wellpoint Data Breach - Chicago Tribune Review

http://epic.org/redirect/wellpoint_databreach.html Bill to Amend the Public Health Service Act to Promote the Adoption of Health Information Technology, and for Other Purposes:

http://www.govtrack.us/congress/bill.xpd?bill=h110-6357


[6] News in Brief

District of Columbia Rolls Out First-of-its-kind Unified ID Card

This summer, the District of Columbia will begin distributing the "DC One Card", an all-in-one ID card for residents and workers. The card will eventually incorporate several forms of credentials, including public transit fare cards, library cards, and student IDs; it will also be required in order to access government, park, and community facilities. Although government officials claim that there are no current plans to track cardholders, they also admit that personal data will be collected and retained. The government will maintain a database that contains personally identifiable information about all card holders, including name, address, telephone number, date of birth, a part of the social security number, and the various agencies and programs at which the card has been registered.

The DC One Card Website:

http://dconecard.dc.gov/

EPIC's page on National ID Cards:

http://epic.org/privacy/id-cards/

Federal Trade Commission Studying Recourse for Identity Theft Victims

Federal regulators are investigating the sufficiency of the assistance available to identity theft victims. The Federal Trade Commission seeks public comments to advance its understanding of victims of identity theft and their experiences with consumer reporting agencies. The study comes while identity theft watchdogs warn that data breaches are at an all-time high. Identity theft victims often interact with commercial data brokers when they exercise rights afforded to them under the Fair Credit Reporting Act. Consumer protection law allows victims to place fraud alerts on their files and to dispute inaccurate information. The Commission's study seeks to discover whether these private companies' practices hinder victims from exercising their rights to protect themselves from the harm arising from the original identity theft. Public comments must be filed by September 2, 2008 and should be submitted in electronic form.

FTC Request for Public Comment

http://www.ftc.gov/opa/2008/07/fcra.shtm

EPIC page on the Fair Credit Reporting Act:

http://epic.org/privacy/fcra/

CIPPIC Offers $20,000 Privacy Fellowship

An Internet law clinic at the University of Ottowa is still taking applications for a Fellow studying privacy issues. Law school applicants may apply for a $20,000 Fellowship with The Canadian Internet Policy and Public Interest Clinic ("CIPPIC"), by including a cover letter explaining their interest in the Fellowship and how it fits in with their proposed academic research. The Fellow's research may include comparative analysis of data protection laws, state surveillance initiatives, consumer profiling, online social networking, and Canadian privacy law reform. CIPPIC provides a hands-on clinical learning environment where students work with professors at the intersection of technology and policy. Its mission is to fill voids in public policy debates on technology law issues, ensure balance in policy and law-making processes, and provide legal assistance to under-represented organizations and individuals on matters involving the intersection of law and technology.

Canadian Internet Policy and Public Interest Clinic:

http://www.cippic.ca/en/

University Of Ottowa Online Admissions:

http://www.grad.uottawa.ca/apply

Report: ID Theft Reaches All-Time High

Identity theft has reached an all-time high, according to a watchdog group's latest report. The Identity Theft Resource Center reports that the total number of publicly disclosed data breaches in the first half of 2008 is more than 69% greater than in the same time period last year. It also notes that the actual number of breaches this year is likely even higher than the 342 mentioned in the report, due to underreporting and the fact that some of the breaches reported as a single event actually affected multiple businesses. Weak protections by businesses over databases of customer information have contributed mightily to the growth of the illicit industry of appropriating personal information to commit fraud. In April, EPIC filed comments with the Federal Trade Commission, urging the FTC to include civil penalties in its proposed settlement with several companies responsible for data breaches. EPIC argued that remedial measures alone would provide an insufficient incentive for companies to protect consumers' data.

Identity Theft Resource Center Publishes Figures For First Half Of 2008:

http://epic.org/redirect/identity_theft_report.html

EPIC Page On Identity Theft:

http://epic.org/privacy/idtheft/

Legal Battle May Disallow Publication on Cracked RFID Chip

Researchers from the Dutch Radboud University have cracked and cloned London's Oyster travel card, after cracking the Dutch Mifare Travel card. The latter would be used in a nationwide network for billing of public transportation. Both cards use the Mifare Classic RFID tag, which relies for its security on an algorithm that can be cracked with modest effort. The troubled card provides for contact-less entrance to public transportations and office buildings worldwide. The manufacturer of the chip, NXP, follows Dutch secretary of state Tineke Huizinga in claiming that publication of the results is irresponsible. While NXP is taking the researchers to court, the University issued a statement valuing scientific publication of security leaks and mentioning that the publication will help NXP to develop a better chip. The results will be published at the European computer security (Esorics) conference in Spain in September of this year.

Raboud University's Digital Security Group Page on Mifare:

http://www.ru.nl/ds/research/rfid/

EPIC page on RFID:

http://epic.org/privacy/rfid/

Facebook Exposes Images of Users' Drivers Licenses

On May 2, 2008, the social networking website Facebook exposed some users' driver's license images. Facebook requires that members who register as musicians submit digital images of their driver's licenses. The social networking site reportedly stores the images in anticipation of potential copyright disputes related to music posted on Facebook. In a letter to Maryland officials, Facebook described the security breach, blaming "a temporary code glitch," and said that at least two Maryland residents were affected. Facebook also stated that the driver's license images were subsequently moved to "a separate, secure database to ensure the information is not inadvertently displayed in the future." In personal letters to the affected users, Facebook recognized that the breach puts users at risk for identity theft and fraud, warning that, "we recommend you closely monitor your financial accounts and, if you see any unauthorized activity, promptly contact your financial institution." The letter alleges that Facebook is "modifying its systems and practices to enhance the security of sensitive information," but failed to identify any concrete steps by the social networking giant.

Facebook Exposes Images of Users' Drivers Licenses (pdf):

http://www.oag.state.md.us/idtheft/Breach%20Notices/ITU-153491.pdf

EPIC - "Facebook Privacy":

http://epic.org/privacy/facebook/default.html

Iraqi Woman Objects to "Virtual Strip Search"

The use of invasive body-imaging technology is alienating conservative Muslim women in Iraq. Recently, a female government employee wrapped in traditional Muslim garb stood outside the heavily-secured green zone in Baghdad, holding up a protest placard and a picture of a naked woman.  It is an example of the images Baghdad security employees see when they search Iraqi women using Backscatter X-Ray Scanners, as well as the images that a growing number of Transportation Security Administration employees can see when they screen travelers in American airports.  "We're not terrorists, and we care about our safety," said the Iraqi woman.  She objects to the policy summed up on her placard -- "Either no clothes, or the American prisons."  The Transportation Security Administration has been expanding the use of these scanners in airports as a substitute to pat-down searches.  The images can be seen by male and female employees, and raise concerns that they can be saved and viewed later.

Backscatter X-ray Protest in Iraq:

http://www.npr.org/templates/story/story.php?storyId=92301102

EPIC's Page On Backscatter X-Ray Screening:

http://epic.org/privacy/airtravel/backscatter/

EPIC's Spotlight On Backscatter X-Ray Screening:

http://epic.org/privacy/surveillance/spotlight/0605/


[7] EPIC Bookstore: Understanding Privacy by Daniel Solove

Understanding Privacy by Daniel J. Solove

http://www.powells.com/partner/24075/biblio/1-9780674027725-0

The book is written with the goal of bringing clarity to the conceptualization of privacy. The purpose of the conceptualization of privacy is to define its unique characteristics. Solove strives to create a new understanding of privacy while navigating its complex issues without giving way to vagueness. The author acknowledges the difficulty in establishing a fix definition of privacy. He sees privacy as consisting of “both a positive and negative right,” with an intense struggle over what falls within and outside of the right to privacy.

He asserts that to solve some of the problems of privacy we must begin with a conceptualization of privacy based on Ludwig Wittgenstein’s concept of “family resemblances” to “guide policymakers and legal interpretations.” This perspective on privacy would focus on identifying the many similarities among those areas considered to be problematic situations. Solove cites this lack of conceptualization as the underlying reason for the difficulty faced by policymakers and the courts in correctly prescribing solutions to privacy problems. Solove states that the courts and policymakers have been influenced by the work of privacy theorists who fall short in their attempt to conceptualize privacy.

Solove would like to further make the case that the use of the word “privacy” should conform to its conceptualization. Chapter 3 through 6 make that case that conceptualization of privacy should be understood “in a pluralistic manner from the bottom up, as a set of protections against a related cluster of problems.” Solove’s theory involves four aspects: a method, a degree of generality, a structure that accommodates variability, and a focus. He advocates that we should understand privacy in a pluralistic manner; and that generality should seek a balance between “generality and particularity. “ He states that another hurdle in the striving for a legal and policy framework for privacy is that it is not a fixed thing it changes with the passage of generations and the traversing of societies. The cultural and historical aspects of our understanding of privacy are interwoven with changing attitudes, institutions, living conditions, and technology. He says that to achieve variability an acknowledgement of the significance of these aspects of the human condition are essential.

Is it possible to develop a unified theory of privacy? Privacy is a completely unique human concept that has defied a single all encompassing definition. This is an interesting read—one that may intrigue privacy experts and those exploring the realms of the “right to be let alone.”

Lillie Coney


EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.

http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.


"Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75.

http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published.


"FOIA 2006: Litigation Under the Federal Open Government Laws," Harry A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors (EPIC 2007). Price: $50.

http://www.epic.org/bookstore/foia2006

This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 23nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual.


"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40.

http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.


"The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40.

http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.

http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.


EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:

EPIC Bookstore

http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books

http://www.powells.com/bookshelf/epicorg.html


EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:

https:/mailman.epic.org/mailman/listinfo/foia_notes


[8] Upcoming Conferences and Events

Fighting Internet Censorship. July 15, 2008, US House of Representatives
Room to be determined. For more information:
http://www.freedomhouse.org

The 8th Privacy Enhancing Technologies Symposium (PETS 2008), 23-25 July, 2008, Leuven, Belgium. For more information:
http://petsymposium.org/2008

DHS Public Workshop Data Mining. July 24-25, Washington, DC. For more information:
http://edocket.access.gpo.gov/2008/E8-14394.htm

The Privacy Symposium - Summer 2008: An Executive Education Program on Privacy and Data Security Policy and Practice, August 18-21, 2008, Harvard University, Cambridge, MA. For more information:
http://www.privacysummersymposium.com/

Privacy Awareness Week. August 24, 2008. Australia, New Zealand, Hong Kong, Korea and Canada. For more information:
http://www.privacyawarenessweek.org/paw

Youth Privacy Online: Take Control, Make It Your Choice! September 4,
2008, Eaton Centre Marriott, Toronto. For more information:
http://www.ipc.on.ca

Access to Information: Twenty-five Years on. September 8, Minto Suites
Hotel, Ottowa. For more information:
http://www.rileyis.com/seminars/

International Symposium on Data Protecion in Social Networks. October 13, 2008, Strasbourg. For more information:
http://epic.org/intsymposium_sns.html

Protecting Privacy in a Borderless World. October 15-17, 2008, Strasbourg. For more information:
http://www.privacyconference2008.org

Privacy in Social Network Sites Conference October 23-24, 2008. Delft University of Technology, Faculty of TPM, The Netherlands. For more information:
http://www.ethicsandtechnology.eu


Subscription Information

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.


Privacy Policy

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."


About EPIC

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).


Donate to EPIC

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.


Support Privacy '08

If you would like more information on Privacy '08, go online and search for "Privacy 08". You'll find a Privacy08 Cause at Facebook, Privacy08 at Twitter, a Privacy08 Channel on YouTube to come soon, and much more. You can also order caps and t-shirts at CafePress Privacy08.

Start a discussion. Hold a meeting. Be creative. Spread the word. You can donate online at epic.org. Support the campaign.

Facebook Cause:

http://www.epic.org/redirect/fbprivacy08.html

Twitter:

http://twitter.com/privacy08

CafePress:

http://www.cafepress.com/epicorg


END EPIC Alert 15.13

.


WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.worldlii.org/int/journals/EPICAlert/2008/14.html