=======================================================================
E P I C A l e r t
=======================================================================
Volume 17.09 May 10, 2010
-----------------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/epic_alert_1709.html
"Defend Privacy. Support EPIC."
http://epic.org/donate
EPIC Awards Dinner
with Reece Hirsch and Kashmir Hill
honoring Pamela Jones Harbour and the Rose Foundation
June 2, 2010
Washington, DC
http://www.epic.org/june2/
=======================================================================
Table of Contents
=======================================================================
[1] EPIC Urges Congress to Protect Children's Privacy Online
[2] Supreme Court Hears Arguments on Petitioner Privacy
[3] Privacy
Groups Warn FTC of Facebook's Unfair and Deceptive Acts
[4] In Amicus Brief, EPIC Urges Federal Court to Stop Wiretap Abuse
[5] Government
Wiretaps Up 26% in 2009
[6] News in Brief
[7] EPIC Bookstore: "The Insider"
[8] Upcoming Conferences and Events
TAKE ACTION: Stop
Airport Strip Searches!
- JOIN Facebook Group "Stop Airport Strip Searches" and INVITE Friends
- DISPLAY the IMAGE http://thepublicvoice.org/nakedmachine.jpg
- SUPPORT EPIC http://www.epic.org/donate/
=======================================================================
[1] EPIC Urges
Congress to Protect Children's Privacy Online
=======================================================================
EPIC President
Marc Rotenberg testified before the Senate Commerce
Committee last week urging Congress to extend the Children's Online
Privacy Protection
Act (COPPA) to teenagers and social network
services. He said that, "COPPA did not anticipate the immersive online
experience that
a social network service would provide or the extensive
data collection of both the trivial and the intimate information that
children
would share with friends." Emphasizing the emergence of social
network services since the adoption of COPPA, Mr. Rotenberg pointed
out
"the increasingly opaque way that companies transfer user information
to third parties," as a concern for children's privacy.
Mr. Rotenberg also highlighted the Federal Trade Commission's failure
to enforce children's privacy rights despite clear-cut violations
of
the federal law. For example, EPIC filed a complaint with the FTC
against Echometrix, a company selling "parental control" software
that
secretly monitored children's online activity for marketing purposes.
The FTC ignored EPIC's complaint, but the Department of
Defense shut
down sales of the product. At the hearing, EPIC recommended updates
that would expand COPPA protections to teens and
clarify the law's
application to mobile and social network services.
EPIC has done extensive work in children's online privacy.
Mr.
Rotenberg testified before the House Judiciary Committee in support of
the bill that eventually became COPPA. EPIC worked with
the Center for
Media Education, which had published a groundbreaking study in 1996 on
children's privacy, to develop COPPA and help
ensure enactment. EPIC
has also filed complaints with the FTC detailing unfair and deceptive
trade practices that put children's
privacy at risk.
Rotenberg Testimony Before the Senate Commerce Committee
http://epic.org/privacy/kids/EPIC_COPPA_Testimony_042910.pdf
EPIC: Press Release
http://epic.org/press/EPIC_COPPA_04_29_10_Release.pdf
EPIC: Children's Online Privacy Protection Act (COPPA)
http://epic.org/privacy/kids/default.html
EPIC: Echometrix
http://epic.org/privacy/echometrix/default.html
=======================================================================
[2] Supreme Court Hears Arguments on Petitioner Privacy
=======================================================================
The U.S. Supreme Court held oral arguments in the case of
Doe v. Reed
on April 28. The Court will determine whether the state of Washington
may force disclosure of the names of citizens who
have signed petitions
for ballot initiatives. The case is on appeal from the Ninth Circuit,
where the court ruled in favor of the
employee. EPIC filed a "friend of
the court" brief in the United States Supreme Court, urging the
Justices to protect the privacy
of those who sign petitions.
Twenty-five technology experts and legal scholars joined EPIC in filing
the brief to bring attention
to a number of issues.
EPIC's brief first argues that revealing the names would subject
signatories to the risk of retribution,
citing numerous instances
throughout history, both in the United States and abroad, of harassment
and retribution against those who
sign petitions. These examples
include government retribution against petition signatories in such
places as China and Venezuela,
as well as retribution against those who
signed so-called "Communist-inspired" civil rights petitions in the
United States in the
1950s.
The brief also argues that signing petitions constitutes anonymous
speech. It demonstrates the various ways in which anonymity
is retained
through legal means even if it can not be perfectly preserved through
technical means. It also highlights the ways that
Washington state law
indicates intent to preserve this anonymity.
Finally, EPIC's brief argues that signing petitions is similar
to
casting a vote and should be protected accordingly. The brief argues
"that in some areas, a fundamental right to privacy is a
necessary
safeguard against the consequences of the disclosure of personal
information. In few areas can this be more compelling
than the
expression of support for causes that may be controversial, unpopular,
or simply abhorrent."
Several other briefs were
filed by interested parties. In the oral
argument, the justices focused on the question of whether signing a
petition was more like
a vote or more like a legislative act, and
compared the issue to that of disclosing campaign contributions. The
Court is likely to
rule on the case before the end of the term in June.
EPIC Amicus Brief
http://epic.org/privacy/reed/EPIC_amicus_Reed.pdf
EPIC Doe v. Reed
http://epic.org/privacy/reed/
Supreme Court Docket for Doe v. Reed
http://www.supremecourtus.gov/docket/09-559.htm
=======================================================================
[3] Privacy Groups Warn FTC of Facebook's Unfair and Deceptive
Acts
=======================================================================
EPIC, along with a host of privacy and consumer protection
organizations, filed a complaint with the Federal Trade Commission
against Facebook this week. The complaint is concerned with Facebook's
most recent privacy changes, which "disclose personal information to
the public that was previously restricted," and "disclose personal
information to third parties that was previously not available." The
complaint states that these privacy changes, including Facebook's
social plugins and "Instant Personalization" feature, "violate user
expectations, diminish user privacy, and contradict Facebook's
own
representations." The complaint also cites widespread opposition from
Facebook users, Senators, bloggers, and news organizations.
EPIC also wrote a letter to the Senate and House Committees with
jurisdiction over the FTC, bringing attention to the complaint
and the
FTC's failure to enforce clear-cut consumer protection violations. "The
complaint speaks for itself," EPIC said in its letter
to the senators,
"Facebook continues to manipulate the privacy settings of users and its
own privacy policy so that it can take personal
information provided by
users for a limited purpose and make it widely available for commercial
purposes.
Senators Charles Schumer,
Michael Bennet, Mark Begich, and Al Franken,
have also opposed the recent privacy changes made by Facebook. The
senators sent a letter
to Facebook CEO Mark Zuckerberg to express
concern about "recent changes to the Facebook privacy policy and the
use of personal data
by third-party websites." Senator Schumer has also
asked the FTC to establish guidelines for social networking sites. He
states,
"Previously, users had the ability to determine what
information they chose to share and what information they wanted to
keep private."
EPIC and nine other privacy and consumer organizations filed a previous
complaint with the FTC in December 2009, urging the FTC
to open an
investigation regarding changes to Facebook's privacy settings. In
January 2010, EPIC and several other groups filed a
supplement to the
original complaint, providing additional evidence of Facebook's unfair
and deceptive trade practices relating to
Facebook CEO's public
statements, the most recent version of the Facebook for iPhone
application, Facebook Connect, and "web-suicide"
applications. The FTC
sent a letter regarding the 2009 complaint wherein the Bureau of
Consumer Protection Director stated that the
complaint "raises issues
of particular interest" for the FTC. However, to date, the FTC has
announced no action in any of the pending
complaints concerning
Facebook.
Facebook Complaint (May 2010)
http://epic.org/privacy/facebook/EPIC_FTC_FB_Complaint.pdf
Letter to Senate and House Committees
http://epic.org/privacy/facebook/EPIC_FB_FTC_Complaint_Letter.pdf
Senators' Letter to Mark Zuckerberg
http://www.epic.org/redirect/051010senatorsletter.html
Senator Schumer's Request to FTC
http://schumer.senate.gov/record.cfm?id=324175&
EPIC: Facebook Supplement Complaint (Jan. 2010)
http://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf
EPIC: Facebook Complaint (Dec. 2009)
http://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf
EPIC: In re Facebook
http://epic.org/privacy/inrefacebook/
=======================================================================
[4] In Amicus Brief, EPIC Urges Federal Court to Stop
Wiretap Abuse
=======================================================================
EPIC filed a "friend of the court" brief,
urging a federal appeals
court to protect the privacy of innocent individuals who were
inadvertently recorded on federal wiretaps.
In SEC v. Rajaratnam, a
trial court judge ordered disclosure of all wiretaps conducted in a
criminal investigation, even though a
court has yet to rule on the
recordings' legality or relevance.
Ordinarily, wiretap recordings introduced in a criminal must go
through
a number of processes. These processes include minimization, in which
the calls are restricted such that only those containing
incriminating
statements remain; and suppression hearings, in which the defendant may
argue that the wiretaps were illegally obtained
and must be excluded.
Additionally, wiretap evidence, like all evidence, must be excluded if
it bears no relevance to the case. In
this case, even though none of
those processes have been followed in the criminal case, a trial judge
ordered the defendants to turn
over more than 18,000 wiretaps of their
personal and business conversations to the SEC in a related civil suit.
EPIC's brief, filed
with the federal appeals court that agreed to hear
the matter, noted that "hundreds of thousands of individuals are
recorded on wiretaps
every year," and "80% of those personal
communications are wholly unrelated to criminal activity." EPIC urged
the court to take note
of the dramatic privacy harms that would take
place if this practice became widespread. Permitting this would allow
civil litigants
to compromise the otherwise very strict restrictions on
the release of law enforcement wiretap recordings.
EPIC Brief in SEC v.
Rajaratnam
http://epic.org/amicus/EPIC_brief_Rajaratnam.pdf
EPIC Wiretapping
http://epic.org/privacy/wiretap/
Securities and Exchange Commission
http://www.sec.gov/
=======================================================================
[5] Government Wiretaps Up 26% in 2009
=======================================================================
The 2009 Wiretap Report has been released by the Administrative Office
of the United States Courts, and it reveals a significant
increase in
federal and state court-authorized wiretaps in the last year. According
to the report, federal and state courts issued
2,376 orders for the
interception of wire, oral or electronic communications in 2009, up
from 1,891 in 2008, an increase of more
than 25%. With the exception of
2008, the total number of authorized wiretaps has grown in each of the
past seven calendar years,
and the number of orders authorized each
year has followed a general rising trend since 1982.
For the fourth year in a row, the
report indicates that no applications
for electronic intercept orders under Title III of the Omnibus Crime
Control and Safe Streets
Act of 1968 were denied by any court. In fact,
over the last two decades, only 5 such applications have been denied,
while more than
28,000 have been approved.
The overwhelming majority of the wiretaps were authorized for narcotics
investigations, and more than
95% of them were for mobile devices. The
statistics do not include interceptions regulated by the Foreign
Intelligence Surveillance
Act or interceptions approved by the
President outside the exclusive authority of the federal wiretap law
and the FISA. Notably,
despite widely available public encryption
tools, the report states that encryption was encountered in only a
single state wiretap,
and that the encryption " did not prevent
officials from obtaining the plain text of the communications."
2009 Wiretap Report
http://www.uscourts.gov/wiretap09/contents.html
EPIC: Wiretapping
http://www.epic.org/privacy/wiretap
EPIC: Title III Order Statistics
http://epic.org/privacy/wiretap/stats/wiretap_stats.html
EPIC: Title III Order Charts
http://epic.org/privacy/wiretap/stats/wiretapping_graphs.html
=======================================================================
[6] News In Brief
=======================================================================
White House Issues Rules for Security Reporting
A new White House memo sets out the Federal Information Security
Management Act
of 2002 standards for federal agencies. All agencies
must comply with the Act's standards and report security practices for
information
under agency control. The standard also extends obligations
to agency contractors. By November 15, 2010, all agencies must be
capable
of monitoring all information traffic on their networks; and
make reports to CyberScope, a platform launched last year to provide
a
single government-wide security management tool for reports. The
Memorandum included requirements to respond to breaches of personal
information. Agency Inspectors General will provide oversight of agency
compliance with this Act.
White House Memo
http://epic.org/privacy/cybersecurity/WH_memo_4-21.pdf
CyberScope Launch
http://www.govinfosecurity.com/articles.php?art_id=1894
EPIC Cybersecurity
http://epic.org/privacy/cybersecurity/
Advertising Privacy Bill Released
Representatives Rick Boucher (D, Va) and Cliff Stearns (R, Fl), the
Chairman and Ranking Member
respectively of the House Subcommittee on
Communications, Technology, and the Internet, have released a draft
bill on internet consumer
privacy. The bill seeks to provide
"meaningful privacy protections for Internet users" by mandating
disclosure of privacy practices,
regulating the collection and use of
information, and requiring affirmative, opt-in consent for sharing of
information with unaffiliated
third parties. The bill grants authority
to the Federal Trade Commission and state consumer protection agencies
to implement and
enforce its requirements.
Rep. Boucher Press Release
http://boucher.house.gov/index.php?option=com_content&id=1957
Draft Privacy Bill
http://boucher.house.gov/images/stories/Privacy_Draft_5-10.pdf
Executive Summary
http://www.epic.org/redirect/051010execsummary.html
Congress Passes Bill Banning Caller ID Spoofing
On April 15, the House of Representatives passed the Truth in Caller ID
Act of
2010, which bans the transmission of misleading or inaccurate
caller ID information, "with the intent to defraud, cause harm, or
wrongfully obtain anything of value." This change will affect "any real
time voice communications service, regardless of the technology
or
network utilized." EPIC recommended this intent requirement in
testimony before the House in 2006 and 2007, and before the Senate
in
2007 so that privacy techniques would be protected. This bill has
passed the Senate and will likely be enacted into law.
Truth
in Caller ID Act of 2010
http://www.epic.org/redirect/051010acttext.html
EPIC 2007 Senate Testimony
http://epic.org/privacy/iei/s704test.pdf
EPIC 2007 House Testimony
http://epic.org/privacy/iei/hr251test.pdf
EPIC 2006 House Testimony
http://epic.org/privacy/iei/hr5126test.pdf
EPIC: Caller ID
http://epic.org/privacy/caller_id/
American Library Association Launches Choose Privacy Week
The American Library Association's Office of Intellectual Freedom has
announced its first ever Choose Privacy Week, taking place May 2 - 8,
which invites library users into the conversation about privacy
rights
in a digital age. The campaign gives libraries resources to educate and
engage users, and gives citizens the resources to
think critically and
make informed choices about their privacy. In 2006, the American
Library Association Council decided to commence
a national conversation
about privacy as an American value, and in 2008, the Open Society
Institute provided a 3-year, $350,000 seed
grant for this initiative.
Association's initiative is in line with EPIC's work in raising
awareness of online privacy protection.
Choose Privacy Week Information and Resources
http://www.privacyrevolution.org/
EPIC: Social Networking Privacy
http://epic.org/privacy/socialnet/
EPIC: Children's Online Privacy
http://epic.org/privacy/kids/default.html
=======================================================================
[7] EPIC Bookstore: "The Insider"
=======================================================================
"The Insider" by Reece Hirsch
Reece Hirsh's first book is an ambitious legal thriller that mixes the Sopranos
with John Grisham-style
law firm intrigue. Hirsh even manages several
well-placed Godfather references and more than one shout-out to EPIC.
"The Insider"
follows a very interesting and eventful week in the life
of one San Francisco firm lawyer. Will Connelly is a typical law firm
associate,
gunning for partner and working on a large deal involving
the acquisition of an encryption software company. But after one of his
colleagues dies under very suspicious circumstances, Will is plunged
into the middle of a Russian mafia money-making scheme with
far
reaching implications that include a dangerous terrorist plot against
San Francisco's public transit system.
Hirsh deftly develops
an action packed storyline in which Will must
evade the Federal Government and the mafia (with a little help from
former EPIC employee,
Claire Rowland). Along the way, Will discovers a
secret government program to install a backdoor decryption device in
the devices
of unsuspecting Americans. Will and Claire race against
time to evade the mafia goons tracking them, to clear their names, and
to
thwart the plans of a terrorist cell.
This is a fast-paced thriller, with gripping action sequences,
interesting characters, and
a fascinating and original government
conspiracy backdrop.
Fans can meet Hirsch at EPIC's June 2, 2010 Awards Dinner. For more
information: http://www.epic.org/june2/
--Ginger McCall
================================
EPIC Publications:
"Litigation Under the Federal Open Government Laws 2008,"
edited by
Harry A. Hammitt, Marc Rotenberg, John A. Verdi, and Mark S. Zaid
(EPIC 2008). Price: $60.
http://epic.org/bookstore/foia2008/
Litigation Under the Federal Open Government Laws is the most
comprehensive, authoritative discussion of the federal open access
laws. This updated version includes new material regarding the
substantial FOIA amendments enacted on December 31, 2007. Many of
the
recent amendments are effective as of December 31, 2008. The standard
reference work includes in-depth analysis of litigation
under Freedom
of Information Act, Privacy Act, Federal Advisory Committee Act,
Government in the Sunshine Act. The fully updated 2008 volume is the
24th edition of
the manual that lawyers, journalists and researchers
have relied on for more than 25 years.
================================
"Information
Privacy Law: Cases and Materials, Second Edition" Daniel
J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html
This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of
privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance
Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive
foundation
for an exciting course in this rapidly evolving area of law.
================================
"Privacy & Human Rights
2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/
This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy
in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating
to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.
================================
"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook
This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).
This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals
for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more
involved in the
WSIS process.
================================
"The Privacy Law Sourcebook 2004: United States Law, International
Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/
The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource
for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world.
It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD
Privacy Guidelines, as
well as an up-to-date section on recent developments. New materials
include the APEC Privacy Framework, the
Video Voyeurism Prevention Act,
and the CAN-SPAM Act.
================================
"Filters and Freedom 2.0: Free Speech Perspectives
on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
================================
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
EPIC Bookstore
http://www.epic.org/bookstore
================================
EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents
obtained from government agencies under the
Freedom of Information Act.
Subscribe to EPIC FOIA Notes at:
https:/mailman.epic.org/mailman/listinfo/foia_notes
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
"Developing a Trusted Cyber-Infrastructure"
Toronto, ON, May 12, 2010
For more information:
http://www.ipsi.utoronto.ca/
EPIC Awards Dinner
June 2, 2010
Washington, DC
For more information:
http://www.epic.org/june2/
"Computers, Freedom, and Privacy"
San Jose, June 15-18, 2010.
For more information:
http://cfp.acm.org/wordpress/?p=6
"32nd Int'l Conference of Data Protection and Privacy Commissioners"
Jerusalem, October 2010.
For more information:
http://www.justice.gov.il/MOJEng/RashutTech/News/conference2010.htm
=======================================================================
Join EPIC on Facebook
=======================================================================
Join the Electronic Privacy Information Center on Facebook
http//facebook.com/epicprivacy
http://epic.org/facebook
Start a discussion on privacy. Let us know your thoughts.
Stay up to date with EPIC's events.
Support EPIC.
=======================================================================
Privacy Policy
=======================================================================
The EPIC Alert mailing list is used only
to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend
to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link to
other databases)
our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list,
please follow the above instructions under "subscription
information."
=======================================================================
About EPIC
=======================================================================
The Electronic Privacy Information Center is
a public interest research
center in Washington, DC. It was established in 1994 to focus public
attention on emerging privacy issues
such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale
of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research. For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).
=======================================================================
Donate to EPIC
=======================================================================
If you'd like to support the work of the
Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible. Checks
should be made out to "EPIC" and
sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009. Or you can contribute online at:
http://www.epic.org/donate
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation
of encryption and
expanding wiretapping powers.
Thank you for your support.
=======================================================================
Subscription Information
=======================================================================
Subscribe/unsubscribe via web interface:
http://mailman.epic.org/mailman/listinfo/epic_news
Back issues are available at:
http://www.epic.org/alert
The EPIC Alert displays best in a fixed-width font, such as Courier.
------------------------- END EPIC Alert 17.01 ------------------------