EPIC Alert 21.01
======================================================================= E P I C A l e r t ======================================================================= Volume 21.01 January 13, 2014 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/epic_alert_21.01.html "Defend Privacy. Support EPIC." http://epic.org/donate ========================================================================= Table of Contents ========================================================================= [1] EPIC Settles FOIA Case, Obtains Body Scanner Radiation Fact Sheets [2] Senator Markey to Keynote EPIC Student Privacy Event [3] NY Judge Rules NSA Program Legal; Split Emerges Among Courts [4] Federal Appeals Court Rules Against Google in Street View Case [5] Senator Leahy Proposes Consumer Privacy Legislation [6] News in Brief [7] EPIC in the News [8] EPIC Book Review: 'The Adversary' [9] Upcoming Conferences and Events ========================================================================= [1] EPIC Settles FOIA Case, Obtains Body Scanner Radiation Fact Sheets ========================================================================= EPIC has received the documents on airport body scanner radiation that were the subject of EPIC's Freedom of Information Act appeal to the DC Circuit in the case EPIC v. DHS (Body Scanner FOIA Appeal). EPIC had sought records related to radiation risks from body scanners and the threat detection software used by the machines. Until EPIC’s appeal, DHS and TSA had withheld relevant test results, fact sheets, and estimates on the radiation risks. EPIC contended that Judge Royce Lamberth applied the wrong legal test to the two cases brought by EPIC, resulting in a determination that purely factual material, including fact sheets and test results, could be withheld under the "deliberative process privilege" exemption of the FOIA. This exemption states that agencies may withhold materials that are "deliberative and predecisional" in nature, so as to protect the decision-making process by allowing agency officials to speak candidly. EPIC challenged this determination, arguing that purely factual information could not be “deliberative.” After filing an opening brief to the DC Circuit, EPIC engaged in mediation with the Department of Homeland Security for over three months, taking the position that the fact sheets and test results could not be “predecisional” and must be released to the public. In the first week of January, EPIC and DHS were able to negotiate a settlement agreement, resulting in EPIC’s obtaining not only the records sought, but also attorneys’ fees. The fact sheets show that the AS&E SmartCheck backscatter machines deliver a much higher dose of radiation than some of the alternative models. Two of the documents released contained descriptions of the standards developed for maximum radiation dose recommended by the Center for Devices and Radiological Health. The SmartCheck, if implemented, could exceed the maximum radiation dose indicated in the descriptions of the standards. However, the fact sheets indicate that TSA and DHS ordered backscatter devices from Rapiscan, a different company. The fact sheets also show that the agency did not perform a "quantitative analysis" of risks and benefits before implementing the body scanner program. EPIC raised that concern in the 2011 lawsuit EPIC v. DHS (Suspension of Body Scanner Program). In that case, EPIC successfully challenged the TSA’s unlawful deployment of the airport “backscatter” machines, which rendered images of air travelers stripped naked. EPIC’s lawsuit described the lack of adequate privacy safeguards for the backscatter x-ray scanners, the ineffectiveness of the devices, and the potential health risks to travelers. EPIC also noted that the agency had not performed an analysis of the potential costs and benefits of implementing the devices. EPIC urged the agency to end the body scanner program and instead use noninvasive walk through metal detector and explosive trace detection devices. Following the EPIC lawsuit, the TSA removed the nude body scanners from US airports. EPIC: FOIA Documents on Body Scanner Radiation (Jan. 2014) http://epic.org/redirect/011314-epic-radiation-foia.html EPIC: Opening Brief in EPIC v. DHS (Oct. 1, 2013) http://epic.org/redirect/101113-epic-v-dhs-brief.html DC District Ct.: Decision in EPIC v. DHS (Scanners) (Mar. 7, 2013) http://epic.org/privacy/body_scanners/EPIC-v-TSA-11-00290.pdf EPIC: EPIC v. DHS (Body Scanner FOIA Appeal) http://epic.org/foia/dhs/bodyscanner/appeal/ EPIC: EPIC v. DHS (Body Scanners) http://epic.org/privacy/airtravel/backscatter/epic_v_dhs.html EPIC: Initial Documents from DHS re: Body Scanners (Feb. 11, 2013) http://epic.org/foia/dhs/usss/Secret-Service-Docs-1.pdf EPIC: EPIC v. DHS: Suspension of Body Scanner Program http://epic.org/redirect/030113-epic-v-dhs-scan-suspension.html Whole Body Imaging Technology and Body Scanners http://epic.org/privacy/airtravel/backscatter/ EPIC: EPIC v. TSA (Body Scanner Modifications) http://epic.org/foia/tsa/atr/ EPIC: Comments on the Nude Body Scanner Proposal http://epic.org/TSAcomment/ ======================================================================== [2] Senator Markey to Keynote EPIC Student Privacy Event ======================================================================== EPIC will host a January 14 public panel in Washington, DC to discuss the current state of student privacy. The panel will feature prominent student privacy experts including longtime champion of privacy rights Senator Ed Markey (D-MA), who will keynote the discussion and set out recommendations for new student privacy safeguards. Panelists include EPIC President Marc Rotenberg, the US Education Department's Chief Privacy Officer Kathleen Styles, Fordham University Law Professor Joel Reidenberg, EPIC Advisory Board members Pablo Molina and Dr. Deborah Peel, and EPIC Administrative Law Counsel Khaliah Barnes. In 2013, Senator Markey sent a letter to the US Education Department requesting information on the "impact of increased collection and distribution of student data" on student privacy rights. Markey's questions included why the federal agency made changes to the Family Educational Rights and Privacy Act, a federal student privacy law; whether the agency "performed an assessment of the types of information" that schools disclose to third party vendors; and whether students and their families can obtain their information held by private companies. "By collecting detailed personal information about students' test results and learning abilities, educators may find better ways to educate their students. However, putting the sensitive information of students in private hands raises a number of important questions about the privacy rights of parents and their children," Markey wrote. Also in 2013, EPIC sent a letter to the US Senate and House Committees on Education, urging Congress to restore privacy protections for student data. EPIC also filed an extensive complaint with the Federal Trade Commission over the business practices of Scholarships.com, a website that encourages students to divulge sensitive medical, sexual, and religious data in order to obtain financial aid information. Scholarships.com claims that this information is used to locate scholarships and financial aid; the company, however, transfers student data to a business affiliate, American Student Marketing, which in turn sells the data for general marketing purposes. EPIC's complaint alleges that this is an unfair and deceptive trade practice, as is scholarships.com's failure to employ reasonable security measures. Following EPIC's complaint, the company improved website security. EPIC has been a longstanding advocate for student rights. In 2013, EPIC filed a Freedom of Information Act lawsuit against the Education Department to uncover information about student loan debt-collection practices. As government contractors, debt collectors are required to follow the Privacy Act, a federal law that protects personal information. The Education Department also requires student-debt collectors to submit quality control reports indicating whether the companies maintain accurate student loan information. Pursuant to the lawsuit, EPIC obtained documents revealing that many private debt collection agencies maintain incomplete and insufficient quality control reports. In 2012, EPIC supported a moratorium on RFID student monitoring. In 2005, EPIC published a "Spotlight on Surveillance" scrutinizing the Student and Exchange Visitor Information System ("SEVIS"). EPIC: "Failing Grade" (Symposium on Student Privacy) (Jan. 14, 2014) http://epic.org/events/student-privacy14/ Sen. Ed Markey: Letter to ED re: FERPA Rule Changes (Oct. 22, 2013) http://www.markey.senate.gov/documents/2013-10-22_FERPA.pdf EPIC: EPIC v. U.S. Department of Education http://epic.org/apa/ferpa/ EPIC: Letter to Education Committees re: Student Privacy (Oct. 9, 2013) http://epic.org/apa/ferpa/EPIC-ED-Student-Privacy-Letter.pdf EPIC: FTC Complaint re: Scholarships.com (Dec. 12, 2013) http://epic.org/privacy/student/EPIC-FTC-Compl-Scholarships.com.pdf Scholarships.com https://www.scholarships.com/ EPIC: EPIC v. ED - Private Debt Collector Privacy Act Compliance http://epic.org/foia/ed/default.html EPIC: Conserve Quality Control Reports http://epic.org/foia/ed/ConServe.pdf EPIC: FOIA Docs Coast Professional Inc. Quality Control Reports (2010) http://epic.org/foia/ed/Coast.pdf EPIC: Spotlight on Surveillance, "SEVIS Database" (Sep. 2005) http://epic.org/privacy/surveillance/spotlight/0905/ EPIC: Student Privacy http://epic.org/privacy/student/ ========================================================================= [3] NY Judge Rules NSA Program Legal; Split Emerges Among Courts ========================================================================= A federal judge in New York has granted the US government's motion to dismiss in ACLU v. Clapper, a case challenging the NSA metadata program. Judge William Pauley ruled that the NSA's bulk collection of "virtually every telephone call to, from, or within the United States" was reasonable under the Fourth Amendment. This decision was handed down less than two weeks after Judge Richard Leon of the District Court for the District of Columbia granted plaintiff's motion for a preliminary injunction in Klayman v. Obama, another challenge to the NSA metadata program, based on Judge Leon's conclusion that the program likely violates the Fourth Amendment. These cases will provide the basis for review of the NSA program by federal appellate courts, setting the stage for potential review by the US Supreme Court. Judge Pauley held that the NSA's collection of "virtually all" domestic metadata is permissible under the Fourth Amendment based on the Supreme Court's 1979 decision in Smith v. Maryland, which found that the installation of a "pen register" device to record metadata about an individual target's home-phone calls was not a Fourth Amendment search. Judge Pauley also rejected the ACLU's First Amendment "chilling effects" claim because the ACLU's fear that NSA would query the group's call records was too speculative. Regarding ACLU's statutory challenges under the APA and the FISA, Judge Pauley held that Congress intended to preclude judicial review of 215 Orders by "anyone other than a recipient" of the order. The ACLU has filed a notice of appeal, and the US Court of Appeals for the Second Circuit will hear the case in 2014. In contrast with Judge Pauley's ruling, the injunction granted by Judge Leon in Klayman v. Obama was a resounding victory for the plaintiffs. Judge Leon held that the plaintiffs in Klayman have a reasonable expectation of privacy that is violated when the Government "indiscriminately collects their telephone metadata along with the metadata of hundreds of millions of other citizens without any particularized suspicion of wrongdoing, retains all of that metadata for five years, and then queries, analyzes, and investigates that data without prior judicial approval of the investigative targets." The President's Review Group recently released a report of 46 recommendations "designed to protect our national security and advance foreign policy while also respecting our longstanding commitment to privacy and civil liberties." Chief among the recommendations is the termination of the NSA's bulk collection of telephony metadata. The recommendations also included calls for providing detailed information to Congress and the public about various authorities, including National Security Letters and section 215 business records, which are used in the bulk telephony metadata program. In 2013 EPIC filed a petition in the US Supreme Court challenging the legality of the bulk metadata program. EPIC's petition asked the Court to vacate an unlawful order by the Foreign Intelligence Surveillance Court that enabled the bulk telephony meta-data program. Dozens of legal scholars and former members of the Church Committee filed amicus briefs in support of the EPIC petition, urging the Supreme Court to take the case and overturn the court order. However, the Court denied EPIC's petition without comment. NY District Court: Decision in ACLU v. Clapper (Dec. 27, 2013) http://www.nysd.uscourts.gov/cases/show.php?db=special&id=364 DC District Court: Decision in Klayman v. Obama (Dec. 16, 2013) http://epic.org/privacy/nsa/Klayman-v-Obama.pdf Review Board: "Liberty and Security in a Changing World" (Dec. 2013) http://epic.org/redirect/122013-WH-NSA-report.html EPIC: Petition to US Supreme Court re: Verizon Records (Jul. 8, 2013) http://epic.org/EPIC-FISC-Mandamus-Petition.pdf EPIC: NSA: Verizon Phone Record Monitoring http://epic.org/privacy/nsa/verizon/ EPIC: In re EPIC - NSA Telephone Records Surveillance https://epic.org/privacy/nsa/in-re-epic/ ========================================================================= [4] Federal Appeals Court Rules Against Google in Street View Case ========================================================================= A federal appeals court has denied Google's petition for rehearing "en banc" in the case Joffe v. Google, a suit brought by individuals whose private Wi-Fi communications, including passwords and other sensitive information, were intercepted by Google trucks during the development of Google Street View. According to the ruling, the three-judge panel "granted in part a petition for rehearing, filed an amended opinion affirming the district court, and denied petition for rehearing en banc on behalf of the court in an interlocutory appeal from the district court's order denying a motion to dismiss claims that Google violated the Wiretap Act when it collected data from unencrypted Wi-Fi networks in the course of capturing its Street View photographs." EPIC filed a 2012 "friend of the court" brief in the case, arguing that Wi-Fi communications "are not 'broadcast' like traditional radio communications; they are sent from one device to another directly and there is nothing about the typical configuration of a Wi-Fi device to suggest that users expect that their communications between these devices would be 'readily accessible to the general public.'" The appellate panel found in September 2013 that Wi-Fi "payload" data are not exempt from protection under the Wiretap Act. The panel agreed with EPIC that the term “radio communication” "excludes payload data transmitted over a Wi-Fi network" and thus the Wi-Fi signals were not “readily accessible to the general public." Google recently reached a $7 million settlement with the attorneys general of 38 states and the District of Columbia over the Street View collection. Ninth Circuit Court: Ruling in Joffe v. Google (Dec. 27, 2013) http://epic.org/redirect/011314-9th-circuit-joffe.html Ninth Circuit Court: 1st Ruling in Joffe v. Google (Sep. 10, 2013) http://epic.org/redirect/091613-9th-circuit-joffe-decision.html EPIC: "Friend of the Court" Brief in Joffe v. Google (Mar. 30, 2012) http://epic.org/redirect/091613-epic-amicus-joffe.html NAAG: Settlement with Google re: Street View Violations (Mar. 12, 2013) http://www.ct.gov/ag/cwp/view.asp?Q=520518&A=2341 EPIC: Ben Joffe v. Google http://epic.org/amicus/google-street-view/ EPIC: Investigations of Google Street View http://epic.org/privacy/streetview/ ======================================================================== [5] Senator Leahy Proposes Consumer Privacy Legislation ======================================================================== Senator Patrick Leahy (D-VT) has reintroduced the "Personal Data Privacy and Security Act of 2014." The Act would strengthen privacy and data security by establishing a national standard for data breach notification, and requiring companies to create a data privacy and security program to protect and secure sensitive data. The bill has been introduced in each of the last four Congresses. Senator Leahy stated that the reintroduction of the Act was a response to a massive data breach at Target that compromised the personal data of more than 70 million consumers. The Act covers any business that collects personal information on 10,000 or more US persons. Covered businesses would be required to design and implement "a comprehensive personal data privacy and security program that includes administrative, technical, and physical safeguards appropriate to the size and complexity of the business entity and the nature and scope of its activities."Data privacy and security programs must protect against anticipated threats, prevent unauthorized access and use of personal information, and ensure safe disposal of personal data. The Act also makes it a crime to conceal a security breach, expands the scope of the offense for trafficking in passwords, and requires the US Attorney General to report to Congress the number of criminal cases brought under the Computer Fraud and Abuse Act. The Act also contains a preemption clause that nullifies state data protection laws; EPIC has previously recommended against federal privacy laws that preempt stronger state laws. The White House is has expressed support for consumer privacy legislation based on the 2012 "Consumer Privacy Bill of Rights." Senator Patrick Leahy (D-VT): Press Release on 2014 Act (Jan. 8, 2014) http://epic.org/redirect/011314-leahy-press-release.html Sen. Leahy: Text of Personal Data Privacy Act http://epic.org/redirect/011314-leahy-data-privacy-act.html US Department of Commerce: CPBR (Feb. 2012) http://www.whitehouse.gov/sites/default/files/privacy-final.pdf EPIC: Identity Theft http://epic.org/privacy/idtheft/ EPIC: Privacy and Preemption https://epic.org/privacy/preemption/ ======================================================================== [6] News in Brief ======================================================================== FCC Seeks Public Comment to Protect Phone Record Privacy The Federal Communications Commission has invited public comments on a petition requesting the FCC to rule that the sale of consumer phone records to the government is a violation of the federal Communications Act. EPIC joined the petition, which was organized by Public Knowledge. In 2013, EPIC urged the FCC to determine whether AT&T violated the Communications Act when it sold private consumer call detail information to the Drug Enforcement Administration and Central Intelligence Agency. In 2013 EPIC also wrote to the FCC to explain that Verizon had likely violated the Communications Act when it disclosed telephone records to the NSA. Public comments on the petition are due January 17, 2014 and reply comments are due February 3, 2014. FCC: RFC on Sale of Consumer Phone Records (Dec. 18, 2013) http://epic.org/redirect/011314-phone-records-rfc.html Public Knowledge et al.: Petition to FCC re: AT&T (Dec. 11, 2013) http://epic.org/redirect/122013-public-knowledge-petition.html EPIC: Letter to FCC re: AT&T (Nov. 15, 2013) http://epic.org/privacy/terrorism/fisa/EPIC-FCC-Wheeler-Ltr.pdf EPIC: Letter to FCC re: Verizon (Jun. 11, 2013) http://epic.org/privacy/terrorism/fisa/EPIC-FCC-re-Verizon.pdf EPIC: CPNI (Customer Proprietary Network Information) http://epic.org/privacy/cpni/ http://epic.org/privacy/terrorism/fisa/ http://epic.org/privacy/terrorism/fisa/ Snapchat Data Breach Exposes 4.6 Million Usernames A data breach has exposed the usernames and partial phone numbers of 4.6 million users of Snapchat, a popular photo- and video-sharing app. The breach was accomplished by exploiting a flaw that security researchers had previously brought to the company's attention. In 2013, EPIC filed a complaint with the Federal Trade Commission over Snapchat's deceptive claim that photos would "disappear forever" after a set period of time. The Federal Trade Commission thus far has failed to take action on the EPIC complaint. Snapchat DB: List of Exposed Usernames (Jan. 2014) http://www.snapchatdb.info/ GiBSec: SnapChat Security Advisory (Aug. 27, 2013) http://gibsonsec.org/snapchat/ EPIC: Complaint to FTC re: Snapchat (May 16, 2013) http://epic.org/privacy/ftc/EPIC-Snapchat-Complaint.pdf EPIC: Federal Trade Commission http://epic.org/privacy/internet/ftc/ Appeals Court Rules that Legal Policy Memos Can Be Withheld from FOIA The Court of Appeals for the DC Circuit has ruled that the FBI may withhold a memo prepared by the Office of Legal Counsel concerning the law governing "exigent letter" requests to telephone companies for call records. The court's decision affirmed an earlier opinion that the memo was privileged advice, and thus exempt from disclosure under the Freedom information Act. The Electronic Frontier Foundation had argued that the memo was "working law" and not simply advice from government lawyers. However, the Court of Appeals found that the FBI had not itself adopted the advice of government lawyers. In a separate 2013 case in which the Department of State followed the guidance of Justice Department lawyers, EPIC filed a "friend of the court brief" in support of The New York Times and the ACLU and argued for the release of opinions of the Office of Legal Counsel. DC Appeals Court: Ruling on OLC Memos (Jan. 3, 2014) http://epic.org/redirect/011314-dc-ruling-olc-memos.html DC District Court: Appeal Decision in EFF v. DOJ (Nov. 16, 2012) http://epic.org/redirect/011314-ruling-eff-doj.html EPIC: "Friend of the Court" Brief in NYT v. DOJ (Apr. 22, 2013) http://epic.org/redirect/043013-epic-nyt-doj-amicus.html EPIC: EPIC v. NSA: Cybersecurity Authority http://epic.org/privacy/nsa/epic_v_nsa.html EPIC: New York Times v. DOJ http://epic.org/amicus/foia/new-york-times/ DOD Proposes Autonomous Drones, Expanded Surveillance Mission A new Department of Defense report, "Unmanned Systems Integrated Roadmap," sets out "a technological vision for the next 25 years" of drone deployment. The DoD report suggests that budget cuts are increasing the need for autonomous drones with onboard intelligence. The new DOD report states that surveillance is one of the primary purposes for pursuing drone technology, particularly for "surveillance missions that involve prolonged observation." A 2010 EPIC FOIA request revealed that domestic drones used by the Department of Homeland Security can be deployed with the ability to intercept electronic communications and to recognize individuals on the ground. EPIC has recommended privacy safeguards to limit drone surveillance within the US. DoD: "Unmanned Systems Integrated Roadmap" (Jan. 2014) http://www.defense.gov/pubs/DOD-USRM-2013.pdf EPIC: FOIA Documents on Drone Capabilities (2010) http://epic.org/privacy/drones/EPIC-2010-Performance-Specs-1.pdf EPIC: UAVs and Drones http://epic.org/privacy/drones/ French Data Protection Authority Fines Google for Data Consolidation French data protection authority CNIL has fined Google €150,000 (approximately $200,000) for consolidating user data. The decision follows an investigation triggered by the collapse of the Google privacy policy in March 2012, which allowed the company to combine user data across 60 Internet services to create detailed profiles on Internet users. In 2012, EPIC sued the Federal Trade Commission to force the agency to enforce the terms of a settlement with Google that would have prohibited Google's changes in business practices. Google's consolidation also prompted objections from state attorneys general, members of Congress, and IT managers in the government and private sectors. CNIL: Press Release on Google Fines (Jan. 8, 2014) http://epic.org/redirect/011314-cnil-google-fines.html NAAG: Letter to Google (Feb. 22, 2012) http://epic.org/redirect/041613-naag-letter-google.html US Congress: Letter to FTC Chair re: Google (Feb. 17, 2012) http://epic.org/redirect/102612-privacy-caucus-letter.html SafeGov: 'Google's new policy is unacceptable' (Jan. 25, 2012) http://epic.org/redirect/022912-safegov-google-post.html EPIC: In re Google Buzz https://epic.org/privacy/ftc/googlebuzz/ EPIC: Enforcement of Google Consent Order https://epic.org/privacy/ftc/google/consent-order.html ======================================================================== [7] EPIC in the News ======================================================================== "New Gmail messaging feature causes privacy concerns." BBC UK, Jan. 10, 2014. http://www.bbc.co.uk/news/technology-25680010 "The bright side to the Target hack? It's getting Congress moving." The Washington Post, Jan. 10, 2014. http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/10/the- bright-side-to-the-target-hack-its-getting-congress-moving/ "The Next Privacy Battle May Be Waged Inside Your Car." The New York Times, Jan. 10, 2014. http://www.nytimes.com/2014/01/11/business/the-next-privacy-battle- may-be-waged-inside-your-car.html?_r=0 "Gmail lets strangers on Google+ email you (but you can opt out)." Los Angeles Times, Jan. 9, 2014. http://www.latimes.com/business/technology/la-fi-tn-gmail-google- plus-email-privacy-20140109,0,6178540.story#ixzz2q2bFdDq8 "White House meets with privacy advocates to discuss NSA surveillance." The Guardian, Jan. 9, 2014. http://www.theguardian.com/world/2014/jan/09/white-house-meets- privacy-advocates-nsa-phone-data "NSA's Harshest Critics Meeting With White House Officials Tomorrow." Mother Jones, Jan. 8, 2014. http://www.motherjones.com/mojo/2014/01/top-white-house-lawyer- meeting-nsa-critics "The U.S. National Security Apparatus." NPR's The Diane Rehm Show, Jan. 6, 2014. http://thedianerehmshow.org/shows/2014-01-06/us-national-security- apparatus "Snapchat Hires Big Guns On Capitol Hill After Huge Data Breach." The Huffington Post, Jan. 6, 2014. http://www.huffingtonpost.com/2014/01/06/snapchat-lobbying_n_ 4549980.html?utm_hp_ref=politics "Google loses another appeal in Street View privacy row." DNA India, Jan. 6, 2014. http://www.dnaindia.com/scitech/report-google-loses-another-appeal- in-street-view-privacy-row-1946154 "Consumer Electronics Show will highlight new ways to collect biometric data. The Washington Post, Jan. 5, 2014. http://www.washingtonpost.com/business/technology/consumer- electronics-show-will-highlight-new-ways-to-collect-biometric-data/ 2014/01/05/e8eac584-74c4-11e3-8def-a33011492df2_story.html "Putting Drones to the Test." The New York Times (Editorial), Jan. 4, 2014. http://www.nytimes.com/2014/01/05/opinion/sunday/putting-drones-to- the-test.html?src=recg "Student privacy concerns grow over 'data in a cloud'." The Washington Post, Jan. 3, 2014. http://www.washingtonpost.com/blogs/answer-sheet/wp/2014/01/03/ student-privacy-concerns-grow-over-data-in-a-cloud/ "Looking for a college major? How about drone technology." USA Today, Jan. 2, 2014. http://www.usatoday.com/story/news/nation/2013/12/31/drone- technology-uav-unmanned-aircraft/3683835/ "Agencies Behaving Badly: Government Surveillance and Privacy Act Violations," by EPIC Administrative Law Counsel Khaliah Barnes. Jurist, Jan. 2, 2014. http://jurist.org/hotline/2014/01/khaliah-barnes-privacy-act.php "Appeals court again nixes Google's bid to overturn Street View case." ComputerWorld, Jan. 2, 2014. http://www.computerworld.com/s/article/9245122/Appeals_court_ again_nixes_Google_s_bid_to_overturn_Street_View_case "Fourth Amendment Eroded," by EPIC Domestic Surveillance Counsel Amie Stepanovich. Reason, January 2014. http://reason.com/archives/2013/12/29/fourth-amendment-eroded For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================== [8] EPIC Book Review: 'The Adversary' ======================================================================== "The Adversary," Reece Hirsch http://epic.org/redirect/011314-the-adversary-hirsch.html "The Adversary" is a satisfying hard-boiled mash of pop novel genres: a cypherpunk, lawyer-detective, conspiracy-theory, blow-up-Manhattan thriller with furious pacing and compelling characters and scenarios. Reece Hirsch's second novel is dizzyingly, compulsively readable. "The Adversary" is the first in a series of "Chris Bruen" novels. Bruen, like Hirsch, is an attorney at a prominent San Francisco tech-law firm; in Bruen's case the firm's major client is BlueCloud, maker of Aspira, the world's largest operating system. A cadre of black hat hackers with spiffy noms de guerre has found a critical flaw in Aspira's code, and they plan on exploiting it to . . . Bruen, still exhausted and reeling after his wife's recent death from cancer and his own experimental cancer treatment, isn't sure. But if the hackers - who send him cryptic messages to fly immediately to Europe "or else" and torture and kill in innovative ways - are as dangerous as they appear, his inaction will devastate the US. Bruen himself has a hacker past he prefers to hide; the black hats also appear to know his history, and use their knowledge to manipulate him technically and psychologically. To say more would ruin the fun - the novel's pacing depends largely on surprise. One of Hirsch's dilemmas is how to incorporate hacker jargon and technical terminology, both crucial to understanding the novel's plot, into its narrative. Often Hirsch must pull away from the action, sometimes for a full paragraph or more, but he should get extra credit for his surprisingly unobtrusive exposition. There are several loose ends flapping at the end of "The Adversary;" perhaps Hirsch is loading the gun for Chris Bruen's next adventure. Who's that scary NSA guy, and is he good or bad, and is the NSA responsible for the creation of the malicious code in the first place? Are we going to find ourselves in the midst of a real government conspiracy? What's actually happened to Bruen's old flame, Sarah? And can Bruen and his new hacker gal-pal Zoey maintain a professional relationship? If you've got a long plane ride - and hopefully not one whose signals are scrambled by the malevolent hackers whose carefully engineered mid-air crash over Albuquerque begins the novel - you probably can chomp through "The Adversary" in a sitting. Otherwise the novel will be a distraction, goading you to read just the next chapter, discover just the next secret - until you finish it in one sitting anyway. -- EC Rosenberg ======================================= EPIC Bookstore ======================================= "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75. http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore: http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= EPIC Presents "Failing Grade: Education Records and Student Privacy." Washington, DC, January 14, 2014. For More Information: http://epic.org/events/student-privacy14/. Technology Policy Institute Presents "The Big Data Revolution: Privacy Considerations." Washington, DC, January 15, 2014. For More Information: http://techpolicyinstitute.org/events/ register/112.html. "Big Data and Security in Europe: Challenges and Opportunities." Speaker: EPIC President Marc Rotenberg. Brussels, January 21, 2014. For More Information: http://epic.org/2014/01/big-data-and-security- in-europ.html. "Privacy in the Networked World," featuring EPIC Appellate Advocacy Counsel Alan Butler. Waikoloa, Hawaii, January 26, 2014. For More Information: http://www.alaskatel.org/Flyer2.pdf. Fourth Annual International Summit on the Future of Health Privacy. Washington, DC, June 4-5, 2014. For More Information: http://patientprivacyrights.org/summit/. IEEE Presents "Reintroducing Norbert Wiener in the 21st Century." Boston, 24-26 June 2014. For More Information: http://21stcenturywiener.org. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Donate to EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/support Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government and private-sector infringement on constitutional values. Thank you for your support. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 21.01------------------------