EPIC Alert Year In Review 2009
E P I C A l e r tYear in Review January 7, 2010
Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/epic_alert_yir2009.html
2 0 0 9 P R I V A C Y Y E A R I N R E V I E W /
2 0 1 0 P R I V A C Y I S S U E S T O W A T C H
Top Privacy Stories 2009 - Data Breaches and ID Theft on the Rise - Supreme Court Strikes Down Strip Searches, Enhanced Penalties for Identity Proxies - White House Visitors Now Public Information - Facebook: Sharing is Caring - Tiger's Texting - Biometric Company Goes Bankrupt. Fingerprints for Sale? - Behavioral Tracking - Europe Updates Communications Privacy Law - Medical Privacy Victories in Congress and the Courts - Octomom Privacy Breach
Top Privacy Issues to Watch in 2010 - Cloud Computing - Smartgrid: Will Your Power Meter be Spying on You? - Federal Trade Commission and Privacy - Data Breach Legislation - Invasion of the Body Scanners - Biometric Identification - Electronic Privacy at the Supreme Court - Google Books and Reader Privacy - De-identification Techniques - Global Privacy Standards
2009 was a busy year for privacy. Big Internet firms, such as Facebook and Google, created new challenges for Internet users as personal data became more valuable to advertisers. Congress considered many privacy bills, though few became law. The Supreme Court decided several privacy cases, including a student strip-search case. The Department of Homeland Security stepped up surveillance of the American public even as a known terrorist boarded a plane with explosive material hidden in his underwear. The year promises even more news with biometric identifiers, body scans, Congressional hearings, a Supreme Court case on text messages, and the related privacy challenges.
Here are the Top Ten Privacy Stories of 2009 and the Top Ten Privacy Issue to Watch in 2010 from the Electronic Privacy Information Center (EPIC):
* * * * * * * * * * * * * * * * * * * * * * * *
Data Breaches and ID Theft on the Rise
Non-profits and the Federal Trade Commission reported a continued rise in data breaches and identity theft in 2009. The FTC received 313,982 identity theft consumer complaints during the past year, topping all previous records. Lawmakers have been unable to pass meaningful legislation so identity thieves and data breachers can look forward to another great - and profitable - year!
* * * * * * * * * * * * * * * * * * * * * * * *
Supreme Court Strikes Down Strip Searches, Enhanced Penalties for Identity Proxies
Concluding that perhaps it was not reasonable to strip search a teenage girl in the hunt for a single tablet of ibuprofin, the Supreme Court ruled 8-1 that such a search violated the Fourth Amendment because "there were no reasons to suspect the drugs presented a danger or were concealed in her underwear." The Court also ruled unanimously that individuals who provide identification numbers that are not their own, but don't intentionally impersonate others, cannot be subject to harsh criminal punishments under federal law. But in a 5-4 decision, the Supreme Court rejected the constitutional right of a convicted individual to access his DNA to prove innocence.
* * * * * * * * * * * * * * * * * * * * * * * *
White House Visitors Now Public Information
In an effort to promote government accountability, the White House decided to release the names of people who visit the White House. The policy includes grade school classes from Des Moines but excludes Supreme Court nominees and national security advisors. This is a good topic for a high school paper.
* * * * * * * * * * * * * * * * * * * * * * * *
Facebook: Sharing is Caring
Oil and water. Privacy and Facebook. The world's top social network service navigated the privacy waters with mixed success in 2009. Early in the year, a proposed change in the Terms of Service that transferred control over user data to Facebook triggered a massive protest. More than 100,000 users signed up for, no surprise, "Facebook Users Against the New Terms of Service." Then a year-end change to the privacy settings led to a formal complaint at the Federal Trade Commission, charging unfair and deceptive trade practices. Share that news item with Everyone!
* * * * * * * * * * * * * * * * * * * * * * * *
Tiger's Texting
The downward slide of golf phenom Tiger Woods began when a few of his texting buddies decided to push the save button instead of delete. Tiger's texts made their way into the national tabloids, the stories followed, and the endorsements soon disappeared. This was all the more amazing since Tiger's yacht is named "Privacy." Warning to celebs: be careful what you text and with whom you text.
* * * * * * * * * * * * * * * * * * * * * * * *
Biometric Company Goes Bankrupt. Fingerprints for Sale?
Clear, a company that offered air travellers the fast lane at airports, may now be playing fast and loose with the customer information it acquired. As a Registered Traveler program, the company obtained biometric identifiers -- digital fingerprints and iris scans -- on more than 100,000 frequent flyers. Clear, operated by Verified Identity Pass, also gathered up detailed personal histories for its private clearance program. But once the company went bankrupt, the biometric ddatabase was the main asset to sell. Lawyers for the customers stepped in and stopped the sale of personal identifiers. Bad news for identity thieves hoping to make it quickly through airline security.
* * * * * * * * * * * * * * * * * * * * * * * *
Behavioral Tracking
In 2009 consumer advocates focused on the companies that focus on consumers. A coalition of privacy groups urged Congress to crack down on behavorial advertising. Lawmakers and the FTC expressed interest. Rep. Rick Boucher announced that he is drafting a bill that would impose strict rules on websites and advertisers. Boucher said his goal is "to ensure that consumers know what information is being collected about them on the Web and how it is being used, and to give them control over that information."
* * * * * * * * * * * * * * * * * * * * * * * *
Europe Updates Communications Privacy Law
Toward the end of the Year, the European Union established new Internet policies, including a right to Internet access, net neutrality obligations, and strengthened consumer protections. Under the ePrivacy directive, communications service providers will also be required to notify consumers of security breaches, persistent identifiers ("cookies") will become opt-in, there will be enhanced penalties for spammers, and national data protection agencies will receive new enforcement powers.
* * * * * * * * * * * * * * * * * * * * * * * *
Medical Privacy Victories in Congress and the Courts
Early in the year, President Obama signed into law the HI-TECH Act of 2009. The Act established new medical privacy safeguards. Medical privacy also had victories in the courts as judges grew leery of the sale of sensitive prescription information.
* * * * * * * * * * * * * * * * * * * * * * * *
Octomom Privacy Breach
There are some personal details that even aspiring reality show stars do not want to share with the world. After the birth of Nadia ("Octomom") Suleman's octuplets, more than two dozen hospital employees took peeks at Octomom's medical records. Apparently US Weekly was not providing detailed enough information. The privacy breaches cost the hospital a cool $250,000, the maximum allowed under California privacy laws.
ISSUES TO WATCH IN 2010
New technologies with interesting privacy implications have been introduced, the government has moved into social networking, the Supreme Court will rule on workplace privacy, and the FTC may take a new stance on regulation. Here are the top ten privacy topics to pay attention to in 2010.
* * * * * * * * * * * * * * * * * * * * * * * *
Cloud Computing
What happens to your data when it's in the cloud? That's the issue that policymakers will look at more closely in 2010, not only because users are moving data to the cloud, but also because government agencies are. Still, the privacy and security risks are real, as the FTC recently reminded the FCC, following a petition from EPIC.
* * * * * * * * * * * * * * * * * * * * * * * *
Smartgrid: Will Your Power Meter be Spying on You?
Standards are still being developed for the Smart Grid, a host of technologies that will modernize the existing electrical grid. The Smart Grid could enable more efficient delivery of electricity and allow consumers to make more informed energy use decisions. But Smart Grid technologies also raises troubling privacy possibilities that there could be very detailed tracking - and record keeping - of individuals’ electricity use. New error message: "Don't you think you've been in the sauna long enough?"
* * * * * * * * * * * * * * * * * * * * * * * *
Federal Trade Commission and Privacy
In 2009, the Federal Trade Commission signaled that it was moving away from the “Notice and Choice,” “hands off” approach to privacy protection. In 2010, the FTC fills in the blanks with a new approach to privacy protection. Welcome to the 21st century, Washington DC.
* * * * * * * * * * * * * * * * * * * * * * * *
Data Breach Legislation
Congress is moving to adopt comprehensive data breach legislation and also to regulate the data broker industry. A Data Breach Bill has passed the House, similar legilsation is pending in the Senate. If passed, the Data Breach bill could provide uniform data breach protections, but also threatens to undermine stricter state data breach laws.
* * * * * * * * * * * * * * * * * * * * * * * *
Invasion of the Body Scanners
The Christmas Day attack has renewed calls for the deployment of digital strip search devices in the nation's airports. Never mind that the devices are not designed to detect the liquid or powder explosives, favored by the bad guys, the machines will subject American air travellers to the full monty, captured in high-res. Heading to the airport? Better hit the gym first.
* * * * * * * * * * * * * * * * * * * * * * * *
Biometric Identification
Even though one company tried to sell the biometric identifiers on 100,000 affluent air travelers (see Top Privacy Stories 2009), don't expect a let up in the rush to digitize fingerprints and iris scans. For advice on how to protect your privacy in a world of biometrics, check out Tom Cruise in Minority Report.
* * * * * * * * * * * * * * * * * * * * * * * *
Electronic Privacy at the Supreme Court
Do workers have privacy rights in their pagers and cell phones? That is a question before the Supreme Court in 2010. The case will allow the court to decide whether government employees have a constitutional right to keep text messages private. And that will hinge on whether employees have a "reasonable expectation of privacy" when they text while at work.
* * * * * * * * * * * * * * * * * * * * * * * *
Google Books and Reader Privacy
And while you're downloading the latest digital text on new threats to your privacy, you might be wondering who's keeping track of your intellectual interest. The answer could be Google. The Internet giant spent the last several years scanning the books in the nation's libraries and now wants to make them available online. Only problem is that Google is planning to track everyone who checks out a digital text unless a federal court in New York says otherwise.
* * * * * * * * * * * * * * * * * * * * * * * *
De-identification Techniques
The holy grail of privacy protection is still genuine techniques for deidentification and anonymization. But finding technqiues that really work is turning out to be a tough problem. Expect more focus on this issue in 2010, as companies and agencies try to develop privacy friendly services.
* * * * * * * * * * * * * * * * * * * * * * * *
Global Privacy Standards
The move is on to establish global standards for personal data. Advocates are rallying behind the Madrid Privacy Declaration, while government officials meet in closed door sessions to hammer out agreements. The big question at the end of 2010 is whether there will be more privacy, more surveillance, or more of both.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."
About EPIC
The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, visit http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:
Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.
Thank you for your support.
End EPIC 2009 Year in Review