EPIC Alert 19.23
======================================================================= E P I C A l e r t ======================================================================= Volume 19.23 December 10, 2012 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_19.23.html "Defend Privacy. Support EPIC." http://epic.org/donate =========================================================================== Table of Contents =========================================================================== [1] EPIC Urges User Vote for "Existing" Facebook Policy [2] EPIC to Congress: Suspend Funding for Body Scanner Program [3] EPIC: FTC Nominee Should Address Agency Privacy Settlement Process [4] NASA Suffers More Data Breaches [5] Senate Committee Updates ECPA, Modifies Video Privacy Law [6] News in Brief [7] EPIC in the News [8] EPIC Book Review: 'Cyberspace and National Security' [9] Upcoming Conferences and Events TAKE ACTION: Vote for EXISTING Facebook Documents! VOTE Here: http://apps.facebook.com/fbsitegovernance/ TWEET Your Vote: #ExistingDocuments on #Facebook http://bit.ly/VwTAVw READ the Facebook Governance Docs: http://epic.org/redirect/120712-fb.html SUPPORT EPIC: http://epic.org/donate ======================================================================== [1] EPIC Urges User Vote for "Existing" Facebook Policy ======================================================================== EPIC is urging all Facebook users to participate in the Facebook Governance Vote. Facebook has proposed changes to site governance policies that would end user voting, remove spam blocking, and combine personal information from Facebook with data from photo-blogging site Instagram. A user vote "for EXISTING Documents" will prevent fundamental changes to Facebook user privacy. Voting will end December 10 at 12:00pm Pacific Standard Time. In a November 27 letter, EPIC and the Center for Digital Democracy urged Facebook CEO Mark Zuckerberg to withdraw the proposed changes, which will both negatively affect user privacy and users' ability to participate in site governance. "Because these proposed changes raise privacy risks for users, may be contrary to law, and violate your previous commitments to users about site governance, we urge you to withdraw the proposed changes," EPIC's letter states. Facebook is subject to the terms of a November 2011 settlement with the Federal Trade Commission that prohibits the company from changing privacy settings without users' affirmative consent or misrepresenting the privacy or security of users' personal information. The consent order was prompted by complaints EPIC and other consumer and privacy organizations filed with the FTC in 2009 and 2010. Since the settlement, EPIC has filed a number of complaints with the FTC, maintaining that Facebook continues to violate the settlement's terms and that the FTC has not done enough to prevent these violations. In September, EPIC, joined by the Center for Digital Democracy, asked the FTC to investigate whether Facebook's data-matching arrangement with data broker Datalogix violates the 2011 settlement. In June, EPIC and several privacy organizations filed a complaint over Facebook's automated tagging of Facebook users through facial recognition technology. Automated tagging is currently disabled for all users and the European Union is requiring Facebook to stop the use of facial recognition software altogether and delete the data used for facial recognition. Facebook: Facebook Governance Vote http://apps.facebook.com/fbsitegovernance/ EPIC: Letter to Facebook re: Governance Changes (Nov. 27, 2012) http://epic.org/privacy/facebook/EPIC-CDD-Ltr-to-FB-Data-Use.pdf FTC: Settlement with Facebook re: Privacy Changes http://www.ftc.gov/os/caselist/0923184/111129facebookagree.pdf EPIC: Complaint with FTC re Facebook/Datalogix (Sept. 27, 2012) http://epic.org/privacy/facebook/EPIC-Ltr-FB-Datalogix.pdf EPIC: Complaint with FTC re: Facebook Face Recognition (Jun. 10, 2011) http://epic.org/redirect/120712-epic-2011-fb-complaint.html EPIC: Comments to FTC on Facebook Facial Recognition http://epic.org/privacy/facerecognition/EPIC-Face-Facts-Comments.pdf EPIC: Facebook Privacy http://epic.org/privacy/facebook/ ========================================================================= [2] EPIC to Congress: Suspend Funding for Body Scanner Program ========================================================================= EPIC has sent a letter to US Representatives Mike Rogers (R-AL) and Sheila Jackson Lee (D-TX), asking Congress to suspend funding for the airport body scanner program until the TSA has completed a court- ordered public rulemaking. The letter follows a November House oversight hearing by the Subcommittee on Transportation Security, during which Subcommittee members learned that the TSA had shipped millions of dollars' worth of airport backscatter X-ray devices back to warehouses. Previously, the TSA had stated that it was moving the devices to smaller airports for efficiency reasons. EPIC's letter to Reps. Rogers and Jackson Lee questions why "The TSA website has failed to explain the contradiction[s]" between statement and fact. EPIC's letter also covers a number of other concerns raised in the House hearing, often using direct quotes from the interchanges between Subcommittee members and TSA administrators as examples The letter states that the TSA has "misled the public" on a number of crucial issues, including scanner safety, privacy, efficacy and taxpayer expense. During the hearing, representatives from DHS claimed that the agency did not underestimate the public's privacy concerns over the backscatter devices. EPIC's letter points out that the agency made this claim "[d]espite two petitions from a broad coalition of organizations to Secretary Napolitano, a national protest, thousands of complaints, and a court order from the D.C. Circuit Court of Appeals to undertake public rulemaking". EPIC's letter concludes,"In light of the ongoing problems with the TSA's body scanner technology, continued public concerns, and the agency's failure to undertake the required rulemaking," EPIC recommends that Congress: "* Suspend all funding for new body scanner devices and equipment until notice-and-comment rulemaking has been completed. "* Require TSA to make publicly available all results of tests performed on body scanners. "* Require TSA to make publicly available an accounting of the money spent on airport screening technology as well as an evaluation by the agency as to the effectiveness of these techniques." The Washington, DC Circuit Court of Appeals has ordered the TSA to conduct a public rulemaking on the body scanners by March 2013. Backscatter X-ray devices are already prohibited in European airports. EPIC: Letter to Congress re: Body Scanners (Nov. 28, 2012) http://epic.org/privacy/body_scanners/EPIC-HSC-letter-11-28-12.pdf US House Subcommittee: Hearing on Body Scanners (Nov. 15, 2012) http://epic.org/redirect/120712-house-hearing-scanners.html TSA/DHS: Joint Written Testimony for Scanner Hearing (Nov. 15, 2012) http://epic.org/redirect/120712-dhs-tsa-hearing-scanners.html EPIC: Petition to DHS re: Body Scanners (May 31, 2009) http://epic.org/redirect/120712-epic-2009-dhs-petition.html EPIC: Petition to DHS re: Body Scanners (Apr. 21, 2010) http://epic.org/privacy/airtravel/backscatter/petition_042110.pdf EPIC: Whole Body Imaging Technology and Body Scanners http://epic.org/privacy/airtravel/backscatter/ EPIC v. DHS (Suspension of Body Scanner Program) http://epic.org/redirect/120712-epic-v-dhs-scanner-suspend.html EPIC: EPIC v. DHS - Full Body Scanner Radiation Risks http://epic.org/redirect/120712-epic-v-dhs-scanner-rad.html EPIC: EPIC v. Department of Homeland Security - Body Scanners http://epic.org/privacy/airtravel/backscatter/epic_v_dhs.html ======================================================================== [3] EPIC: FTC Nominee Should Address Agency Privacy Settlement Process ======================================================================== EPIC has submitted a letter to the US Senate Commerce Committee, recommending that Congress require the Federal Trade Commission to consider more carefully the public's views on proposed privacy settlements. EPIC also recommended that the FTC require compliance with the US Consumer Privacy Bill of Rights for companies that violate consumer privacy. When the FTC settles a case against a company that has violated the FTC Act, the FTC's own compliance rules require that the agency post the proposed settlements for public comment. After a 30-day comment period, the FTC Commissioners reconvene to discuss the public comments and vote on whether or not to incorporate public suggestion into the final order. However, according to EPIC's letter, "Although the Commission has solicited public comments for proposed settlement agreements in twenty- one cases involving privacy violations over the past two years, it has never modified a settlement in response to public comment." EPIC's letter also notes, "[I]n spite of its public support for the Consumer Privacy Bill of Rights, the Commission has failed to include compliance with the CPBR as a requirement for companies that violate consumers' privacy." The CPBR, created by the Obama Administration in early 2012, is not a law, but guidelines for agencies and companies when they consider best privacy practices. EPIC's letter recommended that the FTC require these companies to abide by the CPBR. EPIC sent the letter to the Commerce Committee in anticipation of the nomination hearings of Dr. Joshua Wright to be an FTC Commissioner. Wright was nominated by President Obama in September 2012 to fill a Republican spot on the Commission, and his nomination hearings took place December 4. EPIC's letter emphasizes that EPIC takes "no position" on Wright's nomination, but rather provides Congress with an opportunity "to discuss the Commissions' practices and to assess whether the FTC is sufficiently responsive to public concerns about privacy." The letter also encourages Congress to ask Wright to respond specifically to EPIC's suggestions regarding public comments on proposed compliance reports and CPBR compliance. EPIC routinely submits comments to the FTC on proposed consent orders, most recently in October 2012 on agency's settlement with web-tracking software company Compete, Inc. EPIC has also recommended previously that the FTC promote the Consumer Privacy Bill of Rights in privacy settlements. EPIC: Letter to Senate Commerce Committee (Dec. 3, 2012) http://epic.org/privacy/ftc/EPIC-Ltr-SenComm-FTC-12-12.pdf The White House: Consumer Privacy Bill of Rights (Feb. 2012) http://www.whitehouse.gov/sites/default/files/privacy-final.pdf The White House: Joshua Wright Nomination Announcement (Sept. 10, 2012) http://epic.org/redirect/120712-WH-wright-announce.html EPIC: Comments to FTC on Compete Inc. (Nov. 19, 2012) http://epic.org/2012/11/epic-submits-comments-to-ftc-o.html US Senate: Commerce Committee http://commerce.senate.gov/public/ EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ ======================================================================= [4] NASA Suffers More Data Breaches ======================================================================= NASA has announced that an October 31 theft of an unencrypted laptop compromised the personal information of a "large number" of agency employees and contractors. An agency web page states that a NASA employee's laptop was stolen out of his car. The laptop was password- protected, but not encrypted, making data potentially accessible. A similar theft earlier in 2012 exposed the data of thousands of Kennedy Space Center employees, and in March a NASA laptop was stolen that contained sensitive personally identifiable information, including Social Security numbers, birth dates, and even college GPAs. According to the space agency, all NASA laptops must have full-disk encryption by the end of 2012. Until encryption is added, "effective immediately, no NASA-issued laptops containing sensitive information can be removed from a NASA facility unless whole disk encryption software is enabled or the sensitive files are individually encrypted." NASA also states it is working with a data-breach consulting firm to assess and mitigate potential damage. These events are particularly significant in light of a 2010 US Supreme Court case, NASA v. Nelson, in which a federal contractor challenged NASA's broad collection of personal information. The Court ruled that NASA had adequate privacy protections in place under the Privacy Act. EPIC had filed a "friend of the court" brief in support of contractor Robert Nelson, arguing that legal protections were insufficient and that NASA's systems were vulnerable to data breaches. EPIC's brief maintained that individuals, including NASA employees, have a right to informational privacy and a Court decision in favor of NASA would "require these scientists to disclose sensitive, personal information that is insufficiently protected and at substantial risk of disclosure." Robert Nelson, the NASA employee named in the case, is among the individuals whose information could have been compromised in the latest NASA data breach. NASA: Announcement of Data Breach (Nov. 13, 2012) http://spaceref.com/news/viewsr.html?pid=42609 EPIC: "Friend of the Court Brief" in NASA v. Nelson (Aug. 9, 2010) http://epic.org/amicus/nasavnelson/EPIC_amicus_NASA_final.pdf US Supreme Court: Opinion in NASA v. Nelson (Jan. 19, 2011) http://www.supremecourt.gov/opinions/10pdf/09-530.pdf EPIC: NASA v. Nelson http://epic.org/amicus/nasavnelson/ EPIC: Identity Theft http://epic.org/privacy/idtheft/ ======================================================================== [5] Senate Committee Updates ECPA, Modifies Video Privacy Law ======================================================================== The US Senate Judiciary Committee has approved a bill that updates the Electronic Communications Privacy Act (ECPA) and modifies the Video Privacy Protection Act (VPPA). Both laws, passed in the 1980s, have not kept pace with advances in Internet technology. ECPA governs law enforcement's ability to surveil communications and conduct wiretaps. The VPPA prevents the disclosure of consumer video watching and renting habits without consent. Under the revisions to ECPA, law enforcement must obtain a search warrant before accessing email or other private electronic communications. Currently, no warrant is required for law enforcement to obtain remotely stored email that is more than 180 days old. The modifications to the VPPA allow users to provide "blanket consent" to the disclosure of their video viewing records. Under current law, users must consent to each individual disclosure. The new amendment allows services such as Netflix to disclose viewer records with only a one-time consent from the account holder. An amendment by Senator Diane Feinstein (D-CA), adopted by the Committee, has limited this opt-in consent to two years. EPIC favors more extensive updates to ECPA. Specifically, EPIC has argued that locational information should also be protected by a warrant requirement. In addition, EPIC favors strong requirements for prompt notification following any search. In January 2012 EPIC Executive Director Marc Rotenberg testified before the US Senate against weakening the consent provision of the VPPA, which has been one of the strongest statutes protecting consumers' personally identifiable information, "The Video Privacy Protection Act is a model privacy law. It is technology neutral and focuses on the collection and use of personal information," EPIC stated. "The debate over online privacy and Netflix does not exist in a vacuum. It is becoming increasingly clear that only privacy laws actually safeguard the privacy rights of Internet users." US Senate: Bill to Update ECPA and VPPA (HR 2471) http://epic.org/redirect/120712-HR-2471.html EPIC: Senator Feinstein's Amendment to HR 2471 http://epic.org/privacy/vppa/HR2471-Feinstein-Amendment.pdf EPIC: Testimony of Marc Rotenberg on VPPA (Jan. 31, 2012) http://epic.org/privacy/vppa/EPIC-Senate-VPPA-Testimony.pdf EPIC: Testimony of Marc Rotenberg on ECPA (June 24, 2010) https://epic.org/privacy/ECPA_Statement_2010-06-24.pdf EPIC: Electronic Communications Privacy Act http://epic.org/privacy/ecpa/ EPIC: Video Privacy Protection Act http://epic.org/privacy/vppa/ ======================================================================== [6] News in Brief ======================================================================== UPDATE: EPIC Appeals NSA's Withholding of Cybersecurity Directive EPIC has appealed a decision by the National Security Agency to deny EPIC's Freedom of Information Act Request for the public release of Presidential Policy Directive 20. The Policy Directive expands the NSA's cybersecurity authority and has raised concerns about government surveillance of the Internet. EPIC's FOIA appeal points to numerous substantive and procedural defects in the NSA's response, and highlights the importance of public discussion of cybersecurity authority. The NSA has 10 days to respond to EPIC's appeal. EPIC: Appeal in NSA FOIA Case (Nov. 27, 2012) http://epic.org/foia/nsa/NSA-PPD-Appeal.pdf NSA: Official Denial of EPIC FOIA Request (Nov. 20, 2012) http://epic.org/foia/nsa/EPIC-PPD-20-FOIA-NSA-Reply.pdf EPIC: FOIA Request to NSA re: Policy Directive 20 (Nov. 14, 2012) http://epic.org/redirect/112112-epic-foia-directive20.html EPIC: Cybersecurity Privacy Practical Implications http://epic.org/privacy/cybersecurity/default.html EPIC: EPIC v. NSA - Cybersecurity Authority http://epic.org/privacy/nsa/epic_v_nsa.html EPIC to Defense Department: Maintain Strong Open Government Rules EPIC has submitted extensive comments to the Defense Logistics Agency, a component within the US Department of Defense, opposing changes to the Defense Logistics Agency Freedom of Information Act (FOIA) Program. The agency's proposals will substantially alter FOIA requirements and modify key terms governing FOIA processing, general FOIA policy, exemptions under the FOIA, and fee waivers. EPIC's comments argue that several of the proposals are contrary to law, exceed the scope of the agency's authority, and should be withdrawn. EPIC further stated that the proposals contravene "the express statements" of the President and Attorney General concerning government transparency. EPIC routinely submits comments on proposed changes to FOIA regulations, warning agencies not to erect new obstacles to those seeking information about government. The statement to the DLA was prepared with the assistance of students at the Georgetown University Law Center studying open government law. EPIC: Comments to DLA re: FOIA Changes (Dec. 5, 2012) http://epic.org/open_gov/EPIC-DLA-FOIA-Regs-Cmts.pdf Federal Register: List of Proposed DLA FOIA Changes (Oct. 12, 2012) http://www.gpo.gov/fdsys/pkg/FR-2012-10-15/pdf/2012-24425.pdf DLA: Proposal for FOIA Changes (Jul. 1, 2011) http://epic.org/redirect/120712-dla-proposed-foia-changes.html EPIC: Comments to DOJ re Proposed FOIA Changes (Oct. 18, 2011) http://epic.org/foia/EPIC-DOJ-FOIA-Comments-FINAL.pdf Georgetown U. Law Center: Class on Open Government http://epic.org/redirect/120712-georgetown-foia-class.html EPIC: Open Government http://epic.org/open_gov/ MA High Court Allows Limited Warrantless Search of Cellphone Call Logs The Supreme Judicial Court of Massachusetts has ruled that no search warrant is required to check the recent call list of a cellphone seized during a lawful arrest. However, the Court's decision in Commonwealth v. Phifer emphasizes that the ruling is narrow and fact-specific. The Court does "not suggest that the assessment necessarily would be the same on different facts, or in relation to a different type of intrusion into a more complex cellular telephone or other information storage device." In the Phifer case, police witnessed a drug deal, arrested the dealer, and then checked the phone's call log for evidence of recent drug sales. The Massachusetts Supreme Judicial Court compared searching the phone in these circumstances to searching a "prescription bottle" during a drug arrest under the assumption that a bottle "carried in this manner would contain contraband, and, most probably, a controlled substance". In 2009, EPIC filed a "friend of the court" brief in the Massachusetts Supreme Judicial Court case Commonwealth v. Connolly. The Court ultimately ruled that sensitive data obtained from GPS tracking requires a search warrant, a decision reiterated by the US Supreme Court in US v. Jones. EPIC also submitted a brief in that case. MA Supreme Judicial Court: Decision in Phifer (Dec. 5, 2012) http://epic.org/redirect/120712-commonwealth-v-phifer.html EPIC: "Friend of the Court" Brief in Connolly (Apr. 20, 2009) http://epic.org/privacy/connolly/042009amicus.pdf EPIC: Commonwealth v. Connolly http://epic.org/privacy/connolly/ EPIC: US v. Jones http://epic.org/amicus/jones/ EPIC: Locational Privacy http://epic.org/privacy/location_privacy/default.html Senate Committee to Consider Location Privacy Bill The US Senate Judiciary Committee is poised to consider S. 1223, the Location Privacy Act of 2011, sponsored by Senator Al Franken (D-MN). The bill would establish important privacy protections for cellphone users and require affirmative consent for cellphone service providers to collect or disclose user locations. EPIC has previously recommended new protections for location data as part of the update of federal law. EPIC also has filed comments with the Federal Communications Commission supporting guidelines for the protection of location data under the Federal Communications Act. GovTrack: Location Privacy Act of 2011 http://www.govtrack.us/congress/bills/112/s1223 Sen. Al Franken http://www.alfranken.com/ EPIC: Statement Before US Senate on ECPA (Jun. 24, 2010) http://epic.org/privacy/ECPA_Statement_2010-06-24.pdf EPIC: Comments to FCC on Locational Privacy (2001) http://epic.org/privacy/wireless/epic_comments.pdf EPIC: Locational Privacy http://epic.org/privacy/location_privacy/ EPIC: Electronic Communications Privacy Act http://epic.org/privacy/ecpa/ Pew Survey Finds Most Parents Concerned about Children's Online Privacy A new report from the Pew Research Center and Harvard University's Berkman Center for Internet & Society finds that 81% of parents are concerned about how much information advertisers can learn about their child's online behavior. 69% of parents of teenagers are concerned about how their child's online activity might affect their future academic or employment opportunities. 63% of parents of children ages 12-13 say they are "very" concerned about their child's interactions with people they do not know online. Many parents reported taking steps to address these risks, such as talking to their children or helping them configure privacy settings. The Federal Trade Commission is considering new privacy rules to strengthen the Children's Online Privacy Protection Act. EPIC strongly supports the proposed changes. Pew/Berkman Centers: Report on Children and Online Privacy (Nov. 2012) http://epic.org/redirect/120712-pew-internet-kid-privacy.html Pew Internet and American Life Project http://pewinternet.org/About-Us.aspx EPIC: Comments to FTC on COPPA Rule Review (Sept. 24, 2012) http://epic.org/privacy/kids/EPIC-COPPA-2012-Rule-Rev-Cmts.pdf Harvard University: Berkman Center for Internet & Society http://cyber.law.harvard.edu/ EPIC: Children's Online Privacy http://epic.org/privacy/kids/default.html EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ ============================================================= [7] EPIC in the News ======================================================================= "Facebook users overwhelmingly oppose privacy policy change." Computerworld, Dec. 4, 2012. http://epic.org/redirect/120712-computerworld-fb-epic.html "Facebook Invites Users to Vote on Proposed Data Changes." Business Week, Dec. 3, 2012. http://epic.org/redirect/120712-bweek-facebook-epic.html "Senate panel OKs update to communications privacy law." Los Angeles Times, Nov. 30, 2012. http://epic.org/redirect/120712-latimes-ecpa-epic.html "Yet Another Shift In Facebook Policies Raises Privacy Concerns." NPR's All Things Considered, Nov. 29, 2012. http://epic.org/redirect/120712-npr-facebook-epic.html "FAA Delays Creating Drone Test Sites Due to Privacy Concerns." Nextgov.com, Nov. 29, 2012. http://epic.org/redirect/120712-nextgov-drones-epic.html "Ex-NASA Scientist's Data Fears Come True." The New York Times, Nov. 28, 2012. http://epic.org/redirect/120712-nyt-nasa-epic.html "Regulator forces Facebook to change data policy." MarketingWeek UK, Nov. 28, 2012. http://epic.org/redirect/120712-marketweek-facebook-epic.html "Facebook User Backlash Over Policy Change." The Wall Street Journal, Nov. 27, 2012. http://epic.org/redirect/120712-wsj-facebook-epic.html "Privacy groups ask Facebook CEO Zuckerberg to withdraw policy changes." Examiner.com, Nov. 27, 2012. http://epic.org/redirect/120712-examiner-facebook-epic.html "Data cops: Facebook privacy plans must be 'modified'." The Register, Nov. 27, 2012. http://epic.org/redirect/112112-registeruk-facebook-epic.html "Two consumer groups urge Facebook to back off privacy changes." Los Angeles Times, Nov. 26, 2012. http://epic.org/redirect/112112-latimes-facebook-epic.html For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================== [8] Book Review: 'Cyberspace and National Security' ======================================================================== "Cyberspace and National Security: Threats, Opportunities, and Power in a Virtual World," Derek S. Reveron, Ed. http://epic.org/redirect/120712-cyber-and-natl-security-reveron.html In order to assemble "Cyberspace and National Security", US Naval War College Professor Derek S. Reveron commissioned essays from academics, information scientists, and policy analysts on one or both of the title's topics - cyberspace and national security. Each essay is written by a different author and examines its subject from a different angle. As a result, "Cyberspace and National Security" casts a wide net, with varying but ultimately complementary results. The volume's first essay, "Speculative Security" by Patrick Jagoda, is essentially a cultural primer of the evolution of the concept as well as the practice of "cyberspace". "Operational Considerations in Cyber Attack and Cyber Exploitation" by Herbert Lin dissects the definition of "rivalry" in modern warfare. The penultimate essay, "China in Cyberspace" by Nigel Inkster, explores Internet censorship in China. Often the essays are cognizant of each other, and one author will refer to another author's contribution to the book. This mutual self- awareness creates a richer portrait of the inextricable connections between online connectivity and cyber-attacks against US interests. A central focus of "Cyberspace and National Security" is the concept of "networks." Each essay contributes to a greater understanding of decentralized communication, and the ways in which "cyber networks" have eroded our conception of boundaries. In "Operational Considerations in Cyber Attack and Cyber Exploitation," Herbert Lin explains the comparative advantages and disadvantages of cyber attacks over "kinetic," or real-space, attacks. He highlights how attacks against targets located in other countries avoid the logistical problems typically associated with kinetic attacks: "An attacker can also clandestinely alter data stored on the network to impact future planning. For example, the logistics deployment plan for an adversary's armed forces may be driven by a set of database entries that describe the appropriate arrival sequence of various items (food, fuel, vehicles, and so on). A planner relying on a corrupted database may well find that deployed forces have too much of certain items and not enough of others. The planner's confidence in the integrity of the database may also be affected." Particularly intriguing are the essays that explore writing's relationship to the virtual world. "Speculative Security" explains the evolution of the prefix "cyber," and discusses the culture that has arisen around the terms "cyberspace," "cyberpunk," and "cybersex." Jagoda details both the panic and the idealism that emerge when authors write about cyberspace, and outlines the ways in which both reactions rest on the same set of misconceptions. Nikolas K. Gvosdev's "The Bear Goes Digital" plumbs Russia's cyber capabilities by explaining the vocabulary and terminology that have arisen around Russian Internet use. "China in Cyberspace" extensively cites Chinese newspaper articles, examining not only the phenomenon of Chinese Internet censorship, but also the public discourse about Internet censorship. In other words, online networks also give rise to an interconnected system of language that mimics them. The emergence of the "iazyk padonkov" Russian internet vernacular, or the near-universal usage of the prefix "cyber," demonstrate how linguistic networks unite Internet users as much as the actual computers do, and these two networks depend on and strengthen each other. Ultimately, Cyberspace and National Security is itself a network of information. It is not a complete vision of either cyberspace or national security; such a volume would need to be much larger than a set of 13 short essays. The pockets of knowledge that are explored and explained in the book are well-crafted, but so divergent that they give the impression of having been chosen at random. However, where the essays do not coalesce into a coherent whole, they nevertheless remain interconnected. They share each others' vocabulary, data referents, and intellectual ambition, so that what might otherwise have been a jumble of facts is sorted into a de facto organized distributed information system. -- Julia Horwitz ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= "Computers, Privacy and Data Protection: Reloading Data Protection." 23-25 January 2013, Brussels. For More information: http://www.cpdpconferences.org/. 22nd Annual Computers, Freedom, & Privacy Conference. 5-6 March 2013, Washington, DC. For More Information: Contact Chris Calabrese at ccalabrese@dcaclu.org. "Online Privacy: Consenting to your Future." 21-22 March 2013, Portomaso, Malta. Abstract for Papers due 14 December 2012. For More Information: http://www.onlineprivacyconference.eu. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government and private-sector infringement on constitutional values. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 19.23------------------------