EPIC Alert 19.09
======================================================================= E P I C A l e r t ======================================================================= Volume 19.09 May 10, 2012 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_19.09.html "Defend Privacy. Support EPIC." http://epic.org/donate ======================================================================= Table of Contents ======================================================================= [1] Google Releases "Spy-Fi" Report After EPIC FOIA Request to FCC [2] EPIC Appeals Denial in Surveillance Export FOIA, Files Follow-Up [3] EPIC Files Suit for FBI "StingRay" Cell Phone Tracking Documents [4] Classified Report Finds Vulnerabilities in Body Scanner Program [5] Congress, CA Consider Bills to Protect Employee Facebook Passwords [7] EPIC in the News [8] Book Review: 'Open Government' [9] Upcoming Conferences and Events REGISTER NOW! EPIC Annual Champion of Freedom Awards Dinner, with Host Dahlia Lithwick. June 11, 2012, The Fairfax at Embassy Row, Washington, DC. For More Information: http://epic.org/june11/. ======================================================================= [1] Google Releases "Spy-Fi" Report After EPIC FOIA Request to FCC ======================================================================= Shortly after EPIC filed a Freedom of Information Act request with the Federal Communications Commission for the unredacted version of the FCC's report on Google Spy-Fi, Google has released a mostly unredacted version of the report. In May 2007, as part of Google's initial collection of Street View data, Google deployed special vehicles, equipped with digital cameras and other devices, to capture images in designated locations in 30 countries worldwide. Using hidden Internet receivers, Google "Street View vehicles" also collected a vast amount of data from users of private home and business Wi-Fi networks. Google simultaneously collected MAC addresses (the unique device ID for Wi-Fi hotspots), network SSIDs (user-assigned network ID names) tied to location information for private wireless networks, and Wi-Fi "payload" data, which included emails, passwords, usernames and web site URLs. On April 13, the FCC released a highly redacted version of this report, which the agency believed concluded the investigation into the Google Spy-Fi matter. EPIC almost immediately filed a FOIA request, and Google released the unredacted document on April 28. The Federal Communications Commission's original version of the report withheld many relevant details about Google's interception of Wi-Fi data. The report's new, unredacted belies Google's prior statements that a "rogue engineer" was responsible for the payload data collection. Instead, it indicates that Google intentionally designed the Street View code to intercept payload data for business purposes. The report also reveals that many supervisors and engineers within Google reviewed the code and the design documents associated with the project, and disregarded potential privacy issues even when flagged by engineers. EPIC continues to press for more details regarding Google's interception of Wi-Fi data by seeking several categories of related documents from the FCC, as well as documents related to the Department of Justice's investigation of Google Street View. EPIC: FCC Investigation of Google Streetview http://epic.org/privacy/google/fcc_investigation_of_google_st.html FCC: Redacted Version of Google Street View Notice (Apr. 13, 2012) http://epic.org/privacy/streetview/FCC-Google-SV-Enforcement.pdf FCC: Unredacted Version of Google Street View Notice (Apr. 28, 2012) http://epic.org/redirect/050912-fcc-google-noredact.html EPIC: FOIA Request to the FCC re: Street View Decision (Apr. 18, 2012) http://epic.org/foia/EPIC-FCC-Google-Request-04-18-12.pdf EPIC: Google Street View http://epic.org/privacy/streetview/ ======================================================================= [2] EPIC Appeals Denial in Surveillance Export FOIA, Files Follow-Up ======================================================================= EPIC has appealed the Department of Commerce's denial of a Freedom of Information Act request that sought records about US companies' sale of surveillance technology to repressive regimes like Syria and Yemen. EPIC has also filed a new FOIA request with Commerce for records related to the agency's investigation US company Blue Coat Systems, which sold surveillance devices to the Syrian government. US export rules require companies to seek a license for the export of technology under certain circumstances. EPIC filed the initial FOIA request on March 18. EPIC also requested from the Department of Commerce any reports made by US companies under the "Wassenaar Arrangement," a voluntary system through which "participating states," including the US, attempt to "ensure that transfers of" certain goods, including surveillance products, "do not contribute to the development or enhancement of military capabilities which undermine these goals, and are not diverted to support such capabilities." The Department of Commerce responded to EPIC's request by claiming no knowledge of the existence of Wassenaar Arrangement reports, and refused EPIC all commercial licenses under a statute that allows for the withholding of "information obtained for the purpose of, or concerning, license applications." EPIC's appeal notes that FOIA requires all agencies to conduct a "segregability analysis" to disclose "all reasonably segregable, nonexempt portions of the requested record(s)." The appeal also argues that in previous cases involving similar requests, the agency had turned over aggregate data about export licenses. "The failure to adequately justify the claim that no segregable portions of records exist violates FOIA, especially given the past practice of releasing aggregate data in response to substantially similar requests," the appeal states. EPIC's second FOIA request to the Department of Commerce seeks information about the agency's own investigation of certain US companies that sold surveillance technology to repressive regimes. Recent reports have indicated that Syrian officials used devices manufactured by Blue Coat Systems of Sunnyvale, CA, to monitor and potentially block Syrian Internet traffic in October 2011. After investigating, the Commerce Department concluded that two individuals at Blue Coat had "act[ed] contrary to the national security or foreign policy interests of the United States", and Blue Coat was added to the "Entity List," which limits the company's ability to trade with other US companies. EPIC's second FOIA submission argues that EPIC's request was made more relevant by the passage of a recent executive order authorizing US officials to impose sanctions against persons involved in the use of information and communications technology to facilitate human rights abuses in Syria and Iran. EPIC: FOIA Appeal of Export License Request (Apr. 26, 2012) http://epic.org/redirect/050912-epic-export-foia-appeal.html EPIC: Initial FOIA Request for Export Licenses (Mar. 28, 2012) http://epic.org/foia/FOIA-Commerce-surv-export.pdf EPIC: FOIA Request for Investigation Documents (Apr. 26, 2012) http://epic.org/redirect/050912-epic-export-foia-appeal.html Wassenaar Arrangement http://www.wassenaar.org/ Wash. Post: Article on US Export of Surveillance Tech (Nov. 17, 2011) http://epic.org/redirect/050912-washpost-surveillance.html White House: Exec. Order on Surveillance Technology (Apr. 23, 2012) http://epic.org/redirect/050912-whitehouse-order-surveillance.html EPIC: Freedom of Information Act http://epic.org/foia/ ======================================================================== [3] EPIC Files Suit for FBI "StingRay" Cell Phone Tracking Documents ======================================================================== EPIC has filed a lawsuit against the Federal Bureau of Investigation under the Freedom of Information Act for documents related to the US Government's use of "StingRay" technology. StingRay devices, commonly referred to as an "IMSI Catchers" or "cell-site simulators," enable the location, interception, and hijacking of a mobile phone's signal source. EPIC is seeking documents specifically related to law enforcement's warrantless use of this technology to locate crime suspects. The FBI has been using StingRay technology for more than 15 years, but the devices are now inexpensive enough to be used by local law enforcement or private entities. EPIC originally submitted a FOIA request to the FBI on February 10. The agency confirmed receipt of EPIC's request but has otherwise failed to respond as required by law. EPIC had requested expedited processing of the initial FOIA request because of the "particular urgency for the public to obtain information about location tracking technology, given the heated debate" over the US Supreme Court's decision in US v. Jones. StingRay technology determines a mobile phone's location by "mimicking" a cell phone tower and pinging the target mobile phone as well as other devices in the vicinity. The target phone responds to the StingRay device, and, by measuring signal strength from a variety of locations, StingRay can triangulate the target phone's precise location. The FBI used a StingRay device in the investigation of a suspected tax- fraud ring in Arizona. That case, United States v. Rigmaiden, has been pending in the District Court of Arizona for nearly three years. The defendant had requested discovery of StingRay technology capabilities and uses against him; in response, the government conceded that the technology is sufficiently intrusive to constitute a search, but denied that the defendant had a reasonable expectation of privacy in the places or items searched. EPIC: Complaint Against FBI re: StingRay (Apr. 26, 2012) http://epic.org/foia/fbi/stingray/EPIC-Complaint.pdf EPIC: Initial FOIA Request to FBI (Feb. 10, 2012) http://epic.org/foia/fbi/stingray/EPIC-FOIA-Request.pdf EPIC: EPIC v. FBI (StingRay) http://epic.org/foia/fbi/stingray/ US District Court of Arizona: US v. Rigmaiden (Oct. 24, 2011) http://www.scribd.com/doc/71170124/Gov-Rigmaiden-Arguendo EPIC: US v. Jones http://epic.org/amicus/jones/ EPIC: Locational Privacy http://epic.org/privacy/location_privacy/default.html ======================================================================= [4] Classified Report Finds Vulnerabilities in Body Scanner Program ======================================================================= The Department of Homeland Security's Office of the Inspector General has completed an investigation into the effectiveness of the body scanner program as deployed in airports for passenger screening. The unclassified summary of the classified final report notes that several vulnerabilities were found in the program, which has already cost US taxpayers more than $87 million. The vulnerabilities were not listed in the unclassified report. DHS has indicated that the full report consists of "Sensitive Security Information" (SSI) and will not be released to the public. EPIC has challenged the SSI designation in another case against the Transportation Security Administration, arguing that SSI is an improper standard for classification. EPIC has asserted that the SSI statute "identifies a broad, general danger, and fails to enumerate what information should be withheld in order to mitigate that danger." In 2011, after extensive testing, the German government decided not to deploy body scanners at German airports. German Interior Minister Hans- Peter Friedrich said in an official statement that the tests demonstrated that the body scanners were not effective enough for nationwide rollout, citing the number of false positives produced by the devices. Italy also removed the scanners from airports in late 2010, determining after repeated testing that the scanners were both "inconvenient and inaccurate." Similarly, the European Commission has stated that body scanners raise "several serious fundamental rights and health concerns," and has recommended less intrusive security measures. EPIC has advocated against airport body scanners since their introduction in US airports. As a result of a lawsuit brought by EPIC against the Department of Homeland Security, the DC Circuit Court of Appeals ruled in 2011 that the Transportation Safety Administration violated federal law by installing body scanners in airports as primary screening devices without first soliciting public comment. In a separate lawsuit against DHS, EPIC has filed a motion of summary judgment requesting that the agency be forced to disclose documents detailing radiation testing results, agency fact sheets on body scanner radiation risks, and an image produced by the machines. OIG: TSA Penetration Testing of Advanced Imaging Technology http://www.oig.dhs.gov/assets/Mgmt/OIG_SLR_12-06_Nov11.pdf German Interior Ministry: Press Release on Scanners (Sept. 2, 2011) http://epic.org/redirect/091311-german-scanner-release.html Italian Civil Aviation Authority http://www.enac.gov.it/Home/ EPIC: EPIC v. DHS (Suspension of Body Scanner Program) http://epic.org/redirect/091311-epic-vs-dhs-scanner-suspension.html EPIC: EPIC v. TSA (Body Scanner Modifications) (Oct. 4, 2011) http://epic.org/foia/tsa/Opp-Mot-for-SJ-Memo.pdf ======================================================================= [5] Congress, CA Consider Bills to Protect Employee Facebook Passwords ======================================================================= US Representatives Eliot Engel (D-NY) and Jan Schakowsky (D-IL) have introduced the "Social Networking Online Protection Act," a bill that would prohibit employers, colleges, universities, and K-12 schools from demanding the usernames or passwords of employees' or students' social media accounts. Similar legislation has been introduced in California. In March, Maryland became the first US state to ban employers from asking employees or applicants for social networking passwords. Senators Richard Blumenthal (D-CT) and Charles Schumer (D-NY) have asked the Equal Employment Opportunity Commission and the US Department of Justice to investigate the practice. According to recent reports, employers have increasingly requested social-network and email account passwords from job applicants in order to gain access to private information such as personal photos, biographical details, and private messages. This practice can also provide access to information that employers are prohibited by law from requesting, including political affiliation, sexual orientation, religion, and marital status. Maryland's bill was introduced after Robert Collins, an employee at the state's Department of Public Safety and Correctional Services, was asked to turn over his Facebook password as part the reinstatement process as a corrections officer. Employers who violate the House bill would be subject to a $10,000 civil penalty. Representative Engel stated, "[w]e must draw the line somewhere and define what is private. No one would feel comfortable going to a public place and giving out their username and passwords to total strangers. They should not be required to do so at work, at school, or while trying to obtain work or an education. This is a matter of personal privacy and makes sense in our digital world." EPIC has a longstanding interest in workplace and social media privacy. EPIC recently filed a "friend of the court" brief in US v. Hamilton, urging the Fourth Circuit Court of Appeals to uphold employee privacy in personal emails. EPIC's brief argued that employees in the modern workplace routinely communicate about private matters with significant others, and that an employee's privacy interest cannot be retroactively waived, as the lower court suggested. US House: Social Networking On-line Protection Act (HR 5050) http://epic.org/redirect/050912-house-socialnet-5050.html CA State Legislature: Social Media Privacy Act (SB 1349) http://epic.org/redirect/050912-CA-socialnet-1349.html MD General Assembly: Senate Bill 433 http://mlis.state.md.us/2012rs/bills/sb/sb0433t.pdf Sen. Richard Blumenthal: Press Release on Password Bill (Mar. 25, 2012) http://epic.org/redirect/050912-blumenthal-bill-pr.html EPIC: "Friend of the Court" Brief in US v. Hamilton (Apr. 6, 2012) http://epic.org/amicus/hamilton/EPIC-Hamilton-Amicus-FINAL.pdf EPIC: United States v. Hamilton http://epic.org/amicus/hamilton/ EPIC: Social Networking Privacy http://epic.org/privacy/socialnet/ EPIC: Workplace Privacy http://epic.org/privacy/workplace/ EPIC: Facebook Privacy http://epic.org/privacy/facebook/ ======================================================================= [6] News in Brief ======================================================================= EPIC Stresses Need For Privacy Evaluation in Drone Testing In May 8 comments to the Federal Aviation Administration (FAA), EPIC emphasized the need for transparency and accountability in drone operations, and recommended the development of privacy protections before drones are more widely deployed in the US. The FAA's Notice of Proposed Rulemaking set out proposed criteria for drone testing, while Congress has tasked the FAA with facilitating the use of drones in the domestic airspace. In February, EPIC, joined by a coalition of more than 100 organizations, experts, and members of the public, petitioned the FAA to conduct a rulemaking on the privacy implications of domestic drone use. EPIC: Comments to FAA on Drone Operation (May 8, 2012) http://epic.org/privacy/drones/EPIC-FAA-2012-0252.pdf FAA: Notice of Proposed Rulemaking on Drones (Mar. 9, 2012) http://www.regulations.gov/#!documentDetail;D=FAA-2012-0252-0001 US Congress: FAA Reauthorization and Reform Act of 2011 (HR 658) http://epic.org/redirect/050912-faa-reauth-2012.html Federal Register: RFC on Drone Test Sites (Mar. 9, 2012) http://www.gpo.gov/fdsys/pkg/FR-2012-03-09/pdf/2012-5735.pdf EPIC et al.: Petition to FAA on Drone Use (Feb. 24, 2012) http://epic.org/privacy/drones/FAA-553e-Petition-03-08-12.pdf EPIC: Unmanned Aerial Vehicles (UAVs) and Drones http://epic.org/privacy/drones/ Terms of Service Grant Google Broad Rights over Google Drive User Data Google's Terms of Service, which govern Google Drive, Google's cloud- based file storage platform, give the company the right to "reproduce, modify, create derivative works" using uploaded content, as well as to "publicly perform, [and] publicly display" files. In 2009, EPIC asked the Federal Trade Commission to require privacy safeguards for Google's cloud-based services. At the time, EPIC cited previously discovered privacy and security flaws, including one that exposed user-generated Google Docs content to unauthorized Google Docs users. Google: Terms of Service https://www.google.com/intl/en/policies/terms/ EPIC: Complaint to FTC re: Cloud Computing (Mar. 17, 2009) http://epic.org/privacy/cloudcomputing/google/ftc031709.pdf Google Blog: Post on Security Flaws (Mar. 9, 2009) http://googledocs.blogspot.com/2009/03/on-yesterdays-email.html EPIC: Cloud Computing and Privacy http://epic.org/privacy/cloudcomputing/ FOIA "Ombudsman" Releases Open Government Report In response to demands from Congress, the Office of Government Information Services (OGIS) has released a long-delayed report with recommendations to improve the administration of the Freedom of Information Act. The report addresses several FOIA processing issues, but doesn't examine the significant issue of delays in FOIA processing, as well as efforts by agencies, such as the Department of Justice, to create new obstacles for FOIA requestors. Nor did OGIS address EPIC's pending request to determine whether the Department of Homeland Security's practice of vetting FOIA requests by political appointees is permissible. OGIS: Recommendations for Improving FOIA procedures (Apr. 24, 2012) http://epic.org/redirect/050912-ogis-foia-recs.html Senate Judiciary Committee: Hearing on FOIA (Mar. 13, 2012) http://epic.org/redirect/050912-senate-foia-hearing.html EPIC: Comments re: proposed DOJ FOIA Regulations (Oct. 18, 2011) http://epic.org/foia/EPIC-DOJ-FOIA-Comments-FINAL.pdf EPIC: House Testimony on DHS FOIA Request Compliance (Mar. 31, 2011) http://oversight.house.gov/wp-content/uploads/2012/01/Verdi_Testimony.pdf EPIC: Litigation Docket http://epic.org/privacy/litigation/ Flawed Cybersecurity Bill Passes House without Privacy, FOIA Safeguards The US House of Representatives has passed the Cyber Intelligence Information Protection Act, or "CISPA", a cybersecurity bill that allows the government to obtain detailed Internet user information from the private sector. The bill preempts established privacy protections in other federal laws, and opens the door for increased surveillance of individuals within the US. CISPA also creates a new Freedom of Information Act exemption, which will reduce government transparency and accountability. In a March 12 statement to the Senate, EPIC stated that the Freedom of Information Act provides the public with important information about network security, and warned that the National Security Agency has become a "black hole" for public information about cybersecurity. US House: CISPA ttp://intelligence.house.gov/hr-3523-bill-and-amendments US House: Final Roll Call on CISPA (Apr. 26, 2012) http://clerk.house.gov/evs/2012/roll192.xml EPIC: Statement to US Senate on FOIA (Mar. 12, 2012) http://epic.org/redirect/050912-epic-senate-cispa.html US Senate: Hearing on FOIA (Mar. 13, 2012) http://epic.org/redirect/050912-senate-foia-hearing.html EPIC: Freedom of Information Act (FOIA) http://epic.org/open_gov/foia/us_foia_act.html EPIC: Cybersecurity http://epic.org/privacy/cybersecurity/default.html EPIC: EPIC v. NSA (FOIA for NSA Cybersecurity Authority) http://epic.org/privacy/nsa/epic_v_nsa.html EPIC: EPIC v. NSA (FOIA for Google/NSA Relationship) http://epic.org/foia/epic_v_nsa_google.html FISA Orders Up, National Security Letters Down, No Request Denied According to the 2011 Foreign Intelligence Surveillance Act (FISA) Report, released April 30 by the Justice Department, the DOJ submitted 1,745 applications to the Foreign Intelligence Surveillance Court, a 10.5% increase over 2010. Of the 1,745 FISA search applications, 1,676 concerned electronic surveillance. The FISA court did not deny any applications, though it did modify 30. Also in 2011, the FBI made 16,511 National Security Letter requests for information pertaining to 7,201 different US persons, a substantial decrease from the 24,287 national security letter requests concerning 14,212 U.S. persons in 2010. The Justice Department's annual report on FISA is far less extensive than the annual wiretap report released by the Administrative Office of the US Courts. EPIC has previously recommended greater accountability for the FISA Court. US Justice Dept: 2011 FISA Report (Apr. 30, 2012) http://www.justice.gov/nsd/foia/reading_room/2011fisa-ltr.pdf Administrative Office of the United States Courts: 2010 Wiretap Report http://epic.org/redirect/071911_2010_wiretap_report.html EPIC: Comments to FISC on Proposed Rule Changes (Oct. 4, 2010) http://epic.org/redirect/050912-epic-fisc-comments.html EPIC: Foreign Intelligence Surveillance Act Court Orders 1979-2011 http://epic.org/privacy/wiretap/stats/fisa_stats.html EPIC: FISA http://epic.org/privacy/terrorism/fisa/ EPIC: Foreign Intelligence Surveillance Act Court Orders 1979-2011 http://www.uscourts.gov/Statistics/WiretapReports.aspx MySpace Settles With FTC Over Deceptive Practices Complaint The Federal Trade Commission has reached a settlement with the social networking service MySpace over charges that MySpace allowed advertisers to access users' personally identifying information after promising to keep such information private. Advertisers were able to access users' unique "Friend ID," and link this identifier to other personal information. The settlement requires MySpace to implement a comprehensive privacy program, submit to independent audits, and refrain from privacy misrepresentations. A Request for Public Comments is available online until June 8, 2012. FTC: Press Release on Settlement with MySpace (May 8, 2012) http://ftc.gov/opa/2012/05/myspace.shtm FTC: Settlement with MySpace http://ftc.gov/os/caselist/1023058/120508myspaceorder.pdf FTC: Request for Public Comments on MySpace Settlement https://ftcpublic.commentworks.com/ftc/myspaceconsent/ EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ EPIC: Social Networking Privacy http://epic.org/privacy/socialnet/ ======================================================================= [7] EPIC in the News ======================================================================= "Homeland Security Concedes Airport Body Scanner 'Vulnerabilities'." Wired, May 7, 2012. http://epic.org/redirect/050912-wired-epic-scanners.html "Facebook's power play." Politico, May 7, 2012. http://www.politico.com/news/stories/0512/75974.html "Suit hits Pentagon over huge 2011 data breach." The Boston Globe, May 5, 2012. http://epic.org/redirect/050912-bostonglobe-epic-breach.html "Government Surveillance Requests Up In 2011, Report Says." The Huffington Post, May 4, 2012. http://epic.org/redirect/050912-epic-huffpost-googdrive.html "Congress Should Grill the FCC Over Redacted Google Wi-Fi Snooping Report." Wired, April 30, 2012. http://www.wired.com/threatlevel/2012/04/opinion-sogohian-google-fcc/ "Data Harvesting at Google Not a Rogue Act, Report Finds." The New York Times, April 28, 2012. http://epic.org/redirect/050912-nytimes-google-data.html "Exclusive: Google releases FCC report on Street View probe." Los Angeles Times, April 28, 2012. http://epic.org/redirect/050912-latimes-streetview.html For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================= [8] Book Review: 'Open Government' ======================================================================= "Open Government: Collaboration, Transparency, and Participation in Practice," Daniel Lathrop & Laurel Ruma http://epic.org/redirect/050912-open-government-lathrop-ruma.html "Open Government" is a beautiful book. It is beautiful to look at, beautiful to read, and beautiful to contemplate, particularly for readers whose passions converge on government transparency, open- source technology, and freedom of information. Clean white pages, spare typography, and the minimalist writing style we've come to expect from the best of O'Reilly & Associates books allow this talented and experienced group of writers, culled from both Washington and Silicon Valley, to clearly present their visions for a more responsive and accountable government, guided by a more informed and participatory electorate. "Open Government" is also a hopeful book. Editors Daniel Lathrop and Laurel Ruma, both journalists and open-government advocates, genuinely believe that technology-based collaborative government is realistic and feasible. Lathrop and Ruma compare "open government" to "open software," a useful and thought-provoking metaphor that threads through the entire volume: "Just as open source software allows users to change and contribute to the source code of their software, open government now means government where citizens not only have access to information, documents, and proceedings, but can also become participants in a meaningful way." This remarkable compilation has something to admire and absorb on every page, even for those on the inside of the Government 2.0 movement. Each chapter, written by experts in academia, industry, and government, including Tim O'Reilly himself, approaches the material from a different angle. While O'Reilly, for example, sees government as a "platform" similar to an operating system, entrepreneur and intelligence analyst Matthew Burton imagines open-government advocates and developers as a kind of digital Peace Corps. Bill Allison of the Sunlight Foundation focuses on the pitfalls of government and "big data," while George Mason University's Jerry Brito sees that same data as a force begging to be liberated from its dark prison of paper files and microfiche. There are chapters viewing open government through the prisms of the Obama Administration's transparency policies; political contributions; Republican philosophy, and even Twitter. The chapter authors are meticulous in listing open-government organizations and web sites within the text. Optimism is not blind here, however, and the book's chapter authors are unafraid to tackle potentially difficult issues involved in moving participatory government into the digital realm. Jeff Jonas's and Jim Harper's chapter "Open Government: The Privacy Imperative", for example, confronts the privacy implications of data transparency, and suggests solutions remarkably similar to the Obama White House's recent 2012 "Consumer Privacy Bill of Rights" even though the book was published in early 2011. Jonas and Harper are similarly aware of how deeply digital democracy must permeate into the population before it becomes commonly accepted: "Open government will succeed only if it appeals to the widest possible audience, including skeptics of government, opponents of any given administration, and people who do not trust technology." "Open Government" is not a volume to be read at one sitting, nor in chapter order. Rather, it's a book to be savored, contemplated, discussed, and used as a basis for further research and action. Let's hope for a revised edition after the 2012 elections. -- EC Rosenberg ================================ EPIC Publications: "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75 http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= EPIC Champions of Freedom Awards Dinner. 11 June 2012, Washington, DC. For More Information: http://epic.org/june11/. The 12th Privacy Enhancing Technologies Symposium (PETS 2012). 11-13 July 2012, Vigo, Spain. For More Information: http://petsymposium.org/2012/. CONSENT policy conference: "Perceptions, Privacy and Permissions: the role of consent in on-lineservices." 6-7 September 2012, Cluj-Napoca, Romania. Call for papers by 7 June 2012. For More Information: http://conference.ubbcluj.ro/consent/. Amsterdam Privacy Conference. 7-10 October 2012, Amsterdam. For More Information: http://www.ivir.nl/news/CallforPapersAPC2012.pdf. 34th International Conference of Data Protection and Privacy. 23-25 October 2012, Punta del Este, Uruguay. For more information: http://www.privacyconference2012.org/english/sobre-la-conferencia/ noticias/noticia-destacada. The Public Voice conference. 22 October 2012, Punta del Este, Uruguay. For more information: http://www.thepublicvoice.org/. "Computers, Privacy and Data Protection: Reloading Data Protection." 23-25 January 2013, Brussels. For More information: http://www.cpdpconferences.org/. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Join us on Twitter for #privchat, Tuesdays, 11:00am ET. Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 19.09 ------------------------