=======================================================================
E P I C A l e r t
=======================================================================
Volume 17.11 June 4, 2010
-----------------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/epic_alert_1711.html
"Defend Privacy. Support EPIC."
http://epic.org/donate
=======================================================================
Table of Contents
=======================================================================
[1] EPIC, Congress Urge Investigation of Google Street View
[2] TSA Responds to EPIC, Claims Body Scanners Okay
[3] Facebook makes
privacy changes, Questions remain
[4] EPIC Honors 2010 Champions of Freedom
[5] Canadian Privacy Commissioner Launches Street View
Investigation
[6] News in Brief
[7] EPIC Bookstore:
[8] Upcoming Conferences and Events
TAKE ACTION: Stop Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends
- DISPLAY the IMAGE http://thepublicvoice.org/nakedmachine.jpg
- SUPPORT EPIC http://www.epic.org/donate/
=======================================================================
[1] EPIC, Congress
Urge Investigation of Google Street View
=======================================================================
Last week, Congressmen
Henry Waxman (D-CA), Joe Barton (R-TX), and
Edward Markey (D-MA) wrote a detailed letter to Google CEO Eric Schmidt
requesting specific
details on the type and scope of information
collected by Google's Street View vehicles. This letter follows a May
18, 2010 letter
from EPIC to Federal Communications Commission (FCC)
Chairman Julius Genachoski, recommending the Commission open an
investigation
into the significant communications privacy issues
arising from the data collected by Google's Street View vehicles and a
May 19,
2010 letter from Congressmen Joe Barton (R-TX) and Edward
Markey (D-MA) to the Federal Trade Commission (FTC) Chairman Liebowitz
inquiring into the legality of Google's actions and asking the
Commission to investigate.
Over the past two months it has been made
public that Google's Street
View vehicles have been collecting more than just a 360 degree
photographic street view for Google Maps
when they drove through cities
worldwide. Google was also collecting data on wi-fi signal strength,
level of encryption, unique identifiers
associated to open (i.e.
non-password-protected) wi-fi signals known as SSIDs and MAC addresses,
and the actual data being sent over
the wi-fi connections (payload
data). All of this data was collected intentionally to support Google's
location services, with the
exception of the payload data, which Google
claims was captured in error.
Google admits it has been collecting this communication
data for years,
but never disclosed this activity prior to the audit request. In its
letter, EPIC highlighted Google's invasion of
privacy and possible
violation of the Wiretap Act, which states, in part: "No person not
being authorized by the sender shall intercept
any radio communications
and divulge or publish the existence, contents, substance, purport,
effect, or meaning of such intercepted
communications to any person."
On request by each respective data protection authority, Google has
deleted payload data collected
for Ireland, Austria, and Denmark and
has kept data by request for Belgium, France, Italy, Spain, Germany,
Switzerland, and the Czech
Republic. However, Google has stated that it
believes that all other collected data is legal because the data is
publicly broadcasted
information. In response to the public outcry,
Google has stated that its Street View vehicles will no longer collect
any wi-fi data.
House Members' Letter to Google
http://www.epic.org/redirect/060410houselettergoogle.html
EPIC Letter to FCC
http://www.epic.org/redirect/060410epicletterfcc.html
House Members' Letter to FTC
http://www.epic.org/redirect/060410housememltr.html
German Federal Commissioner for Data Protection and Freedom of
Information Statement
http://www.epic.org/redirect/050410germdataprotect.html
Google Blog: WifFi data collection: An update
http://www.epic.org/redirect/060410googleblog.html
=======================================================================
[2] TSA Responds to EPIC, Claims Body Scanners Okay
=======================================================================
The Transportation Security Administration (TSA) has responded to
EPIC's petition to suspend the Full Body Scanner (FBS) program.
The
program scans air travelers at security and produces graphic, detailed
images of passengers' bodies. The FBS machines are capable
of storing
and transmitting those images. The collection of this information makes
it possible for the TSA to aggregate body scan
images with names,
addresses, and other personal information, creating highly detailed
profiles that may invade individuals' privacy.
EPIC and several other privacy, civil rights, and consumer rights
organizations submitted the petition to TSA in April 2010, arguing
that
the FBS program infringes travelers' constitutional rights under the
Administrative Procedures Act, the Fourth Amendment, the
Privacy Act,
and the Religious Freedom Restoration Act. The petition also argued
that the FBS program may have unforeseen effects on travelers' health,
and that the scans do not effectively
detect concealed explosives.
TSA's response came on the same day that Ralph Nader and ten privacy
organizations submitted two letters
to House and Senate leaders
expressing grave concerns about FBS devices. In letters addressed to
Congressman Bennie Thompson (D-MS)
and Senator Joe Lieberman (I-CT),
the organizations urged the represenatives to demand that the
Department of Homeland Security cease
deployment of FBS devices in US
airports pending an independent review of the devices' health effects,
effectiveness and privacy
safeguards. The organizations cited
scientists' concerns regarding the health implications of radiation
exposure, as well as passengers'
objections based on religious, health
and privacy concerns.
The TSA response contains cut and paste answers from previous TSA
statements
and unsubstantiated assurances that there are no privacy
harms or health risks. The TSA also provided incomplete legal
analysis
in support of its views that the program is lawful.
EPIC and its coalition partners will continue to press to have the body
scanner
program shut down.
TSA: Response
http://www.epic.org/privacy/backscatter/tsaresp.pdf
EPIC's Petition for Suspensions of the TSA Full Body Scanner Program
http://epic.org/privacy/airtravel/backscatter/petition_042110.pdf
Letters Urging House and Senate Leaders to Suspend Deploying FBS
Devices
http://csrl.org/xray/LiebermanLtr.pdf
http://csrl.org/xray/ThompsonLtr.pdf
2009 Petition to Undertake a Formal Request for Public Comments on FBS
Program
http://www.epic.org/redirect/0604102009petition.html
EPIC Whole Body Imaging Page
http://epic.org/privacy/airtravel/backscatter/
=======================================================================
[3] Facebook makes privacy changes, Questions remain
=======================================================================
In response to growing user unrest and a complaint filed at the Federal
Trade Commission by EPIC and a coalition of privacy and
consumer
organizations, Facebook announced that it would roll back several
changes to Facebook privacy settings that had made personal
information
more widely available than users intended.
Facebook has reduced the enormous number of privacy settings that
users
were previously required to click through. Facebook has also
agreed not forceably publish the basic profile information of users.
And Facebook will give users some control over disclosure of their data
to Facebook's business partners.
But questions still remain
about the default settings, access to user
data by third parties, and whether Facebook will continue to push users
settings to the
"everyone" position at some point in the future.
EPIC President Marc Rotenberg told NPR that the new privacy settings
addressed
several of the concerns raised in the complaint EPIC and
others filed with the FTC. Nonetheless, he said, "It is time now for
Congress
to move forward and update privacy laws for the digital age."
EPIC and others have also urged the FTC to complete its investigation
of Facebook and to publish its findings.
EPIC objected to the last several changes to Facebook's privacy
policies. EPIC filed a
complaint in December of 2009 when Facebook
reclassified certain user data as "publically available information," a
supplemental
complaint in January, and then a new complaint on May 5
when Facebook forced users' profile information to become publicly
available
links instead of private data. Additionally, EPIC has filed a
Freedom of Information Act request with the FTC seeking communications
with Facebook discussing the site's recent privacy changes.
Facebook Blog announcing
privacy control changes
http://blog.facebook.com/blog.php?post=391922327130
EPIC, "Facebook Privacy"
http://epic.org/privacy/facebook/
The American Prospect, "The Case for Staying with Facebook"
http://www.epic.org/redirect/060410staywfacebk.html
NPR, "Facebook's Privacy Shift: How To Protect Yourself"
http://www.epic.org/redirect/060410nprfacebk.html
NPR, "On Point" (with EPIC President Marc Rotenberg)
http://www.onpointradio.org/2010/05/analyzing-facebooks-privacy
EPIC: In re Facebook
http://epic.org/privacy/inrefacebook/
EPIC: In re Facebook II
http://epic.org/privacy/facebook/in_re_facebook_ii.html
=======================================================================
[4] EPIC Honors 2010 Champions of Freedom
=======================================================================
On June 2, EPIC held its annual Champion of Freedom Awards Dinner. This
year's honorees included Pamela Jones Harbour, the Rose
Foundation, and
Representative Joe Barton. The Award is given to outstanding
individuals and organizations who have helped to safeguard
freedom.
Kashmir Hill, co-editor of the legal blog Above the Law and founder of
The Not-So Private Parts blog, emceed the event.
Reece Hirsh, a San
Francisco attorney and author of The Insider, spoke as a special guest.
Honoree Pamela Jones Harbour served as
Commissioner of the Federal
Trade Commission from 2003 until April 2010. A champion of consumer
privacy, Ms. Harbour advocated for
victims of identity theft and
security breaches. She vigorously opposed consolidation of the online
advertising industry, urged the
adoption of privacy and data security
safeguards for Internet users, and pushed for a global privacy
framework regarding cross-border
data transfers. In accepting the
award, Ms. Harbour repeatedly emphasized her view that consumer privacy
protections are both necessary
and appropriate. After stating her
belief that good privacy and good data security is good business, Ms.
Harbour closed by saying
that privacy is a key value, an intrinsic
right, and a reasonable expectation of every individual.
The Rose Foundation Consumer
Rights Fund is the largest privacy donor
in the United States. The Fund was created in 2002 after a series of
legal settlements involving
consumer privacy issues were directed to
the Rose Foundation. Since its creation, the Fund has awarded more than
$4.5 million dollars
to support privacy-related research, education,
advocacy, and policy development. Tim Little, who accepted the award,
shared the
honor with the Fund's grantees and applauded them for their
continuing passion and commitment to protecting constitutional rights
to privacy.
Honoree Joe Barton is Ranking Member of the House Committee on Energy
and Commerce. He has worked to promote America's
financial and medical
privacy as well as to protect safety and privacy on the Internet.
Currently a co-chairman of the Congressional
Privacy Caucasus,
Representative Barton has played a leading role in efforts to establish
privacy safeguards for electronic health
records. Ron Wright, accepting
the award on his behalf, emphasized Representative Barton's commitment
to preserving individuals'
right to be let alone, especially when it
comes to medical privacy and personal information.
The Champion of Freedom Award was established
in 2004. Past honorees
include Senator Patrick J. Leahy, Professor Pamela Samuelson,
Congressman Edward Markey, attorney Paul M.
Smith, director D.J.
Caruso, philanthropist Addison Fischer, Professor Stefano Rodotà ,
privacy advocate Beth Givens, and jurist
Michael Kirby.
EPIC: Champions of Freedom Awards Dinner
http://epic.org/june2/
The Rose Foundation
http://www.rosefdn.org/
Rep. Joe Barton
http://joebarton.house.gov/
Reece Hirsch: The Insider (on Amazon.com)
http://www.epic.org/redirect/060410theinsider.html
Kashmir Hill's Above the Law Blog
http://abovethelaw.com/author/khill/
Hill's Not-So-Private Parts Blog
http://trueslant.com/KashmirHill/
=======================================================================
[5] Canadian Privacy Commissioner Launches Street View
Investigation
=======================================================================
On June 1, 2010, Jennifer Stoddart, the Canadian
Privacy Commissioner
launched an investigation into Google Street View. The investigation
seeks to determine whether Google violated
Canada's private sector
privacy law when its Street View vehicles collected consumer data from
wireless networks. The Privacy Commissioner
noted that her office is
"very concerned about the privacy implications stemming from Google's
confirmation that it had been capturing
[wireless] data in
neighborhoods across Canada and around the world over the past several
years."
In order to equip a given area
in Google Maps with Street View, Google
sends vehicles through the streets to take photographs of the area
while driving through.
In addition to photographs, Google's vehicles also collected data about
the location's wireless networks. In an April 27, 2010 blog
post,
Google claimed that it collected basic information about wireless
networks but not "payload data," the actual content users
send over the
network. However in a second blog post, dated May 14, Google admitted
that it had collected payload data from wireless
networks accessible to
the general public. Payload data may include individual users'
sensitive personal information. Google has
since grounded its Street
View vehicles. The Commissioner has asked Google to retain any user
data it collected in Canada.
Google
is also facing pressure in the United States. Congressmen Joe
Barton (R-TX) and Edward Markey (D-MA) have written a letter to the
Chairman of the Federal Trade Commission asking the Commission to
investigate whether Google's actions violated federal privacy or
consumer protection laws. In addition, Congressmen Barton, Markey,
Henry Waxman (D-CA) have also sent a letter to Google CEO Eric
Schmidt
seeking further answers about Google's data collection efforts.
EPIC has written a letter to the Chairman of the Federal
Communications
Commission, Julius Genachowski, recommending that the Commission open
its own investigation of Street View. In its
letter, EPIC asserted that
Google's routine secret interception and storage of user communication
data appears to violate both federal
wiretap laws and the
Communications Act. EPIC noted that "The Commission plays a critical
role in safeguarding the integrity of
communications networks and the
privacy of American consumers."
News Release from Canadian Privacy Office
http://www.priv.gc.ca/media/nr-c/2010/nr-c_100601_e.cfm
Congressmen Barton and Markey's Letter to Chairman Leibowitz
http://www.epic.org/redirect/060410housememltr.html
Congressmen Barton, Markey, and Waxman's Letter to Eric Schmidt
http://www.epic.org/redirect/060410houselettergoogle.html
EPIC's Letter to Chairman Genachowski
http://www.epic.org/redirect/060410epicletterfcc.html
EPIC: Cloud Computing
http://epic.org/privacy/cloudcomputing/
=======================================================================
[6] News In Brief
=======================================================================
New Study Shows Young Americans Value Privacy
A new study from the Pew Internet and American Life Project has found
that "[r]eputation
management has now become a defining feature of
online life for many internet users, especially the young." The Pew
study, Reputation
Management and Social Media, found that young adults
are far more likely than their older counterparts to take steps to
maintain
control over their digital identities, including changing
their privacy settings, restricting access to their data, and removing
their names from tagged photographs. The report also found that these
privacy-protecting activities have become considerably more
common
across all age groups than they were when a similar study was conducted
in 2006.
The Pew study Reputation Management and
Social Media
http://www.pewinternet.org/Reports/2010/Reputation-Management.aspx
EPIC: Public Opinion on Privacy
http://epic.org/privacy/survey/
UC Davis, Yale Drop Gmail
On April 30, 2010, the University of California at Davis announced its
decision to discontinue consideration
of a proposal to transfer 30,000
university email accounts to Google's Gmail. In an official statement
posted on the university website,
administrators cited both potential
incompatibility with the University of California Electronic
Communications Policy and privacy-related
concerns voiced by members of
the university community. The announcement followed close on the heels
of Yale University's similar
decision to postpone their planned switch
to Gmail, pending more input from faculty and students. According to
the Yale Daily News,
a computer science professor at the university
estimated the switch to Gmail could be made no earlier than spring 2011.
EPIC Gmail
Privacy Page
http://epic.org/privacy/gmail/faq.html
Joint Statement from University of California, Davis
http://vpiet.ucdavis.edu/outsourcing_email_04.2010.pdf
Yale Daily News Article
http://www.epic.org/redirect/060410yaledailynews.html
Google Apps for Education
http://www.google.com/a/help/intl/en/edu/index.html
FTC Delays Identity Theft Rule Yet Again
The Federal Trade Commission is delaying, for the fourth time, its
enforcement of the
"Red Flags Rule." This rule requires creditors and
financial institutions to implement programs to identify, detect and
respond to
the warning signs, or "red flags," that could indicate
identity theft. The FTC has decided to delay enforcement through the
end of
the year in order to give Congress time to enact legislation
that could clarify what kind of entities would be considered
"creditors"
under the rule.
FTC Extends Enforcement Deadline for Identity Theft Red Flags Rule
http://www.ftc.gov/opa/2010/05/redflags.shtm
Fair Credit Reporting Act, containing the "Red Flags Rule"
http://www.ftc.gov/os/statutes/031224fcra.pdf
EPIC: Identity Theft
http://epic.org/privacy/idtheft/
=======================================================================
[7] EPIC Bookstore: "Idiot's Guide to Recovering from Identity
Theft"
=======================================================================
"The Complete Idiot's Guide to Recovering from Identity
Theft"
by Mari J. Frank
As anyone who has been the victim of identity theft knows, recovering
from it can be a daunting prospect.
Mary J. Frank's Idiot's Guide book
is an excellent resource, with clear, step-by-step instructions and
explanations.
Frank first
helps readers pick out the common symptoms of identity
theft. She clearly explains what indicators readers should look for and
what
identity theft is. Then she carefully explains how readers can
tackle the problem and restore their finances, criminal history, and
reputation. Frank educates readers on dealing with credit companies,
financial institutions, government bureaucracies, and civil
court
matters. Along the way, she describes laws such as the Fair Credit
Reporting Act in easily understandable, efficient terms.
Frank also addresses the special issues that arise when a child or
deceased person's identity is stolen. She gives parents and surviving
relatives clear instructions on how to correct the special problems
associated with these situations, and she does it with understanding
of
the emotional issues involved.
Frank's book is an excellent resource for readers who suspect, or have
confirmed, that they are
victims of identity theft. It is welcome peace
of mind, a book long enough to be complete, but short enough to be
manageable, with
clear explanations of complex laws and bureaucracies.
--Ginger McCall
================================
EPIC Publications:
"Litigation
Under the Federal Open Government Laws 2008," edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008).
Price: $60.
http://epic.org/bookstore/foia2008/
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of
the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation
under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of
the manual that lawyers, journalists and researchers
have relied on for more than 25 years.
================================
"Information
Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
foundation
for an exciting course in this rapidly evolving area of law.
================================
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
================================
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
WSIS process.
================================
"The Privacy Law Sourcebook 2004: United States Law, International
Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the
Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
================================
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
================================
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
EPIC Bookstore
http://www.epic.org/bookstore
================================
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents
obtained from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
"The Cyber War Threat has Been Grossly Exaggerated"
Washington, DC, June 8, 2010
For more information:
http://intelligencesquaredus.org/
"Computers, Freedom, and Privacy"
San Jose, June 15-18, 2010.
For more information:
http://cfp.acm.org/wordpress/?p=6
Privacy and Identity Management for Life
(PrimeLife/IFIP Summer School 2010)
Helsingborg, Sweden, August 2-6, 2010.
For more information:
http://www.cs.kau.se/IFIP-summerschool/
Privacy and Security in the Future Internet
3rd Network and Information Security (NIS'10) Summer School
Crete, Greece, September
13-17 2010.
For more information:
http://www.nis-summer-school.eu
Internet Governance Forum 2010
Vilnius, Lithuania, 14-16 September 2010.
For more information:
http://igf2010.lt/
"32nd Int'l Conference of Data Protection and Privacy Commissioners"
Jerusalem, October 2010.
For more information:
http://www.justice.gov.il/MOJEng/RashutTech/News/conference2010.htm
=======================================================================
Join EPIC on Facebook
=======================================================================
Join the Electronic Privacy Information Center on Facebook
http//facebook.com/epicprivacy
http://epic.org/facebook
Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.
=======================================================================
Privacy Policy
=======================================================================
The EPIC Alert mailing list is used only
to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend
to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases)
our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list,
please follow the above instructions under "subscription
information."
=======================================================================
About EPIC
=======================================================================
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
=======================================================================
Donate to EPIC
=======================================================================
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
http://www.epic.org/donate
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation
of encryption and
expanding wiretapping powers.
Thank you for your support.
=======================================================================
Subscription Information
=======================================================================
Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news
Back issues are available at:
http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 17.11 ------------------------