EPIC Alert 21.21
======================================================================= E P I C A l e r t ======================================================================= Volume 21.21 November 17, 2014 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, DC http://www.epic.org/alert/epic_alert_21.21.html "Defend Privacy. Support EPIC." http://epic.org/support ========================================================================= Table of Contents ========================================================================= [1] EPIC Prevails in Case Against FBI re: Next Generation ID [2] EPIC Urges Federal Court to Uphold FTC Data Security Authority [3] EPIC Testifies Against Changes to Judicial Rules re: Police Hacking [4] EPIC Urges Privacy Board to Focus on Privacy Act Enforcement [5] EPIC Urges Defense Dept. to Adopt Strong Open Government Rules [6] News in Brief [7] EPIC in the News [8] EPIC Book Review: 'Privacy Policy' [9] Upcoming Conferences and Events Breaking News - EPIC’s Marc Rotenberg to Debate NSA Former General Counsel Stewart Baker on "The Right to Be Forgotten" Diane Rehm Show (NPR/WAMU) Tuesday, November 18, 2014 http://thedianerehmshow.org/shows/2014-11-18/the_right_to_be_forgotten @drshow @EPICprivacy #R2bF TAKE ACTION: Rock the Freedom of Information Act with FOIA.ROCKS! VISIT EPIC's New FOIA Domain: http://foia.rocks TWEET in Support of FOIA: #FOIAat40 LEARN about EPIC's FOIA Work: https://epic.org/foia/ SUPPORT EPIC: https://epic.org/support/ ========================================================================= [1] EPIC Prevails in Case Against FBI re: Next Generation ID ========================================================================= A federal court has ruled that EPIC "substantially prevailed" in an open government lawsuit against the FBI for information on the agency's massive biometric database. The court also awarded attorneys' fees to EPIC, finding that "There can be little dispute that the general public has a genuine, tangible interest in a system designed to store and manipulate significant quantities of its own biometric data, particularly given the great numbers of people from whom such data will be gathered." EPIC's lawsuit led to the disclosure of hundreds of pages about "Next Generation Identification," a vast FBI database program including fingerprints, DNA profiles, iris scans, palm prints, voice identification profiles and photographs of millions of Americans suspected of no crime. The documents received through EPIC's lawsuit revealed the FBI's acceptance of a 20% error rate for the NGI database's facial recognition software. Technical specifications for another facial recognition project revealed that the FBI extended access to the biometric database to state and local law enforcement for the purpose of running facial recognition queries. During a 2012 Senate hearing, the FBI promised to update the privacy assessment of the NGI database, focusing on facial recognition. In February 2014, EPIC filed a Freedom of Information Act Request for the updated Privacy Impact Assessment. The FBI responded that the assessment was still being drafted and thus not available for release. Privacy Impact Assessments are required by law when databases will contain Personally Identifiable Information such as biometric identifiers. In June, EPIC and a coalition of over 30 other organizations wrote to US Attorney General Eric Holder, urging that he immediately conduct a privacy assessment of NGI. In September, the FBI announced that the Next Generation Identification system had reached "full operational capability." No privacy assessment for the biometric database has been made public. EPIC has recommended new privacy safeguards and greater Congressional oversight of the NGI program and other identification techniques. EPIC: Memorandum Opinion in EPIC v. FBI (Nov. 5, 2014) https://epic.org/foia/fbi/ngi/Opinion.pdf EPIC: Complaint in EPIC v. FBI (Apr, 8, 2014) https://epic.org/foia/fbi/ngi/Complaint.pdf EPIC et al.: Letter to AG to Review NGI Program (Jun. 24, 2014) http://privacycoalition.org/Ltr-to-Review-FBI-NGI-Program.pdf EPIC: FOIA Request re: Facial Recognition PIA (Feb. 28, 2014) http://epic.org/foia/fbi/EPIC.Request.FBI.PIA.FR.PDF EPIC: FBI Response to EPIC FOIA request (Mar. 19, 2014) http://epic.org/foia/fbi/FBI.Response.PIA.FR.pdf EPIC: EPIC v. FBI - Next Generation Identification https://epic.org/foia/fbi/ngi/ ======================================================================== [2] EPIC Urges Federal Court to Uphold FTC Data Security Authority ======================================================================== EPIC, joined by 33 technical experts and legal scholars, has filed a "friend of the court" brief in support of the Federal Trade Commission's authority to establish data security standards. The case, FTC v. Wyndham, is before the Third Circuit Court of Appeals. The case arose when hackers infiltrated the computer networks of Wyndham Worldwide Corporation, a global hotel company, and stole customer credit card information, which was then used for millions of dollars in fraudulent charges. According to the suit, Wyndham ignored multiple warning signs that the company network had been compromised and failed to "address repeated and obvious security lapses that left its computer networks vulnerable to intruders." The FTC filed suit in federal district court against Wyndham for failing to maintain reasonable and appropriate data security practices for sensitive customer data. The FTC further alleged that Wyndham's data security practices were "unfair and deceptive" acts prohibited by Section 5 of the FTC Act. Wyndham responded by challenging the FTC's authority to bring an enforcement action against a company that fails to protect consumer data. EPIC's "friend of the court" brief details the extent of US data security risks, the important role of the FTC in safeguarding consumer data, and the danger of removing that authority: "The FTC's authority to regulate business practices impacting consumer privacy is well established, the problem is obvious, and the agency has a clear record of success," EPIC states. EPIC also cites 50 successful enforcement actions against companies that failed to safeguard customer data, and several data protection cases currently pending before the FTC. EPIC's brief similarly highlights the American consumers' vulnerability to identity theft and financial fraud, pointing out that the cost of US credit card fraud grew to $7.1 billion in 2013, at least $500 million of which was attributable to enormous data breaches at major retailers. Over more than 10 years of bringing data security actions, EPIC explains, the FTC has become expert at identifying data protection problems in consumer-facing companies and in devising appropriate remedies. Thus, EPIC warned, "Removing the FTC's authority to regulate data security would be to bring dynamite to the dam." EPIC: "Friend of the Court" Brief in Wyndham v. FTC (Nov. 12, 2014) https://www.epic.org/amicus/ftc/wyndham/Wyndham-Amicus-EPIC.pdf EPIC: Wyndham v. FTC https://www.epic.org/amicus/ftc/wyndham/default.html EPIC: Consumer Privacy https://epic.org/privacy/consumer/ EPIC: Cybersecurity Privacy Practical Implications https://epic.org/privacy/cybersecurity/ EPIC: FTC http://epic.org/privacy/internet/ftc ========================================================================= [3] EPIC Testifies Against Changes to Judicial Rules re: Police Hacking ========================================================================= EPIC Senior Counsel Alan Butler appeared November 4 before the Judicial Conference Advisory Committee on the Rules of Criminal Procedure, testifying against a proposed amendment to Rule 41, which involves Search and Seizure. The proposed amendment would authorize judges to issue "remote access" search warrants, thus permitting law enforcement officers to seize or copy files stored on a remote computer, even when they do not know the computer's physical location. The execution of these warrants would require sophisticated hacking tools, and could be authorized in any case if, according to the draft of the proposed amendment, (1) "the district where the media or information is located has been concealed through technological means"; or (2) the target device is infected by a botnet. The revised rule would not require that an officer notify the target at the time the search was conducted, but rather that the officer make "reasonable efforts to serve a copy of the warrant on the person whose property was searched." In his written statement, EPIC's Butler argued, "[T]he proposed amendments to Rule 41 would authorize searches beyond the scope permissible under the Fourth Amendment." Specifically, Butler stated that remote access warrants are equivalent to "covert entry" warrants, and should only be permitted when the methods are necessary to effectuate the search, and notice is given to the target within a reasonable time after the search is conducted. Butler noted that the US Supreme Court has found "illegitimate and unconstitutional practices get their first footing . . . by silent approaches and slight deviations from legal modes of procedures." EPIC previously filed a "friend of the court" brief in United States v. Bach, a case in the US Court of Appeal for the Eighth Circuit challenging a faxed warrant on an Internet Service Provider and arguing that officer presence is required during the execution of a warrant. The Advisory Committee on the Rules of Criminal Procedure will consider comments on its draft rules until February 17, 2015. EPIC: Testimony on Rule 41 (Nov. 5, 2014) http://epic.org/redirect/111714-epic-41-testimony.html Judicial Advisory Committee: Draft of Proposed Amendments (Aug. 2014) http://epic.org/redirect/111714-41-proposed-amendments.html Politico: "Today Groups Argue FBI Hacking Rule"(Nov. 5, 2014) http://www.politico.com/morningcybersecurity/1114/ morningcybersecurity15967.html EPIC: US v. Bach https://epic.org/privacy/bach/ ======================================================================== [4] EPIC Urges Privacy Board to Focus on Privacy Act Enforcement ========================================================================= EPIC has recommended that the President's Privacy and Civil Liberties Oversight Board (PCLOB) prioritize Privacy Act enforcement. EPIC's recommendations were submitted to the Board in advance of a November 12 public meeting on "Defining Privacy." The Board is tasked with ensuring that civil liberties are appropriately protected during the formulation and implementation of laws related to terrorism. "The Privacy Act provides a sound framework for privacy protection in the United States," EPIC's letter states. "Government agencies within the PCLOB's purview contravene the Privacy Act's intent and pose substantial privacy risks by claiming broad exemptions from coverage under the Act. The Board must improve agency accountability by auditing programs for Privacy Act compliance and recommending expanded authorities under the Privacy Act." EPIC's letter also emphasizes that the Fair Information Practices are the basis for much of the Privacy Act of 1974, and the Privacy Act has thereby "provided a baseline framework for other privacy laws that incorporate fair information practices." At the Board's first public meeting in 2012, EPIC recommended that the Board ensure Privacy Act adherence and investigate privacy threats inherent in the government's Fusion Center program, closed-circuit television surveillance, body scanners, surveillance drones, and Suspicious Activity Reporting. In October 2014, EPIC provided expert commentary at a Georgetown University Law Center conference celebrating the Privacy Act's 40th anniversary. EPIC has also made numerous recommendations to Congress and federal agencies on the need to strengthen Privacy Act protections and has twice filed "friend of the court" briefs to the US Supreme Court in cases related to the Privacy Act. EPIC: Letter to PCLOB on "Defining Privacy" (Nov. 11, 2014) https://epic.org/open_gov/EPIC-Ltr-PCLOB-Defining-Privacy-Nov-11.pdf EPIC: The Privacy Act of 1974 https://epic.org/privacy/1974act/ Georgetown University Law Center: The Privacy Act @40 (Oct. 30, 2014) http://epic.org/redirect/111714-foia@40.html EPIC: FAA v. Cooper https://epic.org/amicus/cooper/ EPIC: Doe v. Chao https://epic.org/privacy/chao/ Privacy and Civil Liberties Oversight Board http://www.pclob.gov/ PCLOB: Notice re: "Defining Privacy" Meeting (Oct. 23, 2014) http://www.gpo.gov/fdsys/pkg/FR-2014-10-21/pdf/2014-24994.pdf EPIC: Comments to PCLOB on the Sunshine Act (Oct. 23, 2012) https://epic.org/privacy/1974act/EPIC-PCLOB-Statement-10-12.pdf ========================================================================= [5] EPIC Urges Defense Dept. to Adopt Strong Open Government Rules ========================================================================= EPIC has submitted extensive comments to the Department of Defense, opposing several of the agency's proposals to amend its Freedom of Information Act (FOIA) program. According to EPIC's comments, the DOD proposal to modify certain key terms and practices would disadvantage FOIA requesters and conflict with the purpose of the Act: "Some changes," EPIC wrote, "put an unnecessary burden on requesters and make the FOIA process more onerous." For example, the DOD proposes to change the definition of "administrative appeal" by removing language that makes clear that "[r]equesters also may appeal the failure to receive a response determination within the statutory limits." EPIC, however, supported some of the DOD's proposed changes benefiting requesters, including the agency's plan to remove language that FOIA requesters "should also indicate a willingness to pay fees associated." EPIC frequently uses the FOIA to obtain government records on surveillance and privacy policy, and routinely submits comments on FOIA regulations. The Defense Logistics Agency, Privacy and Civil Liberties Oversight Board, the Federal Trade Commission, and the Interior Department have adopted EPIC's recommendations on proposed FOIA regulation changes. EPIC: Comments to the Department of Defense re: FOIA (Nov. 3, 2014) https://epic.org/open_gov/EPIC-Cmts-DoD-FOIA-Regs.pdf Federal Register: DOD Proposed Ruling re: FOIA (Sep. 3, 2014) http://www.gpo.gov/fdsys/pkg/FR-2014-09-03/pdf/2014-19747.pdf Federal Register: DLA Final Rule re: FOIA (May 28, 2014) http://www.gpo.gov/fdsys/pkg/FR-2014-05-28/pdf/2014-12099.pdf Federal Register: PCLOB Final Rule re: FOIA (Nov. 8, 2013) http://www.gpo.gov/fdsys/pkg/FR-2013-11-08/pdf/2013-26373.pdf EPIC: Open Government http://epic.org/open_gov/ EPIC: FOIA.ROCKS http://foia.rocks/ ======================================================================== [6] News in Brief ======================================================================== EPIC Backs Internet Bill of Rights Speaking at a November 12 conference in Brussels, "Toward a European Marco Civil," EPIC President Marc Rotenberg expressed support for The Declaration of Human Rights, an initiative of the Italian government led by constitutional scholar Stefano Rodotà . "We must protect the political rights of Internet users, not simply the business models of Internet companies," Rotenberg said. The event was organized by the Fundamental Rights European Experts ("FREE") Group with the support of the Friedrich Eber Stiftung. Italian Parliament: Draft Declaration of Internet Rights (2014) http://epic.org/redirect/111714-draft-internet-rights.html EPIC: Stefano Rodotà https://epic.org/linkedfiles/RodotaBio.pdf European Area of Freedom Security & Justice http://free-group.eu/ Friedrich Ebert Stiftung http://www.fes-europe.eu/ CSISAC: Civil Society Seoul Declaration (Jun. 16, 2008) http://csisac.org/seoul.php The Public Voice: The Madrid Privacy Declaration (Nov. 3, 2009) http://thepublicvoice.org/madrid-declaration/ Senator Leahy Urges Swift Passage of USA FREEDOM Act Senator Patrick Leahy (D-VT), Chairman of the US Senate Judiciary Committee, has urged swift passage of the USA FREEDOM Act, which would end the government's dragnet collection of telephone records. The bipartisan bill, which Senator Leahy introduced in July 2014, would also improve oversight accountability for domestic surveillance activities, and has broad support from the Intelligence Community, the technology industry, and privacy advocates. "Congress should pass the bipartisan USA FREEDOM Act without delay," Senator Leahy said. In 2013 EPIC petitioned the US Supreme Court to end the NSA bulk record collection program. Former members of the Church Committee and dozens of legal scholars supported the EPIC petition. Sen. Leahy (D-VT): Press Release on USA FREEDOM Act (Nov. 12, 2014) http://epic.org/redirect/111714-leahy-freedom-release.html Sen. Leahy: Text of USA FREEDOM Act http://www.leahy.senate.gov/download/hen14602 Sen. Leahy: Fact Sheet on USA FREEDOM Act http://www.leahy.senate.gov/download/usa-freedom-act_background Sen. Leahy: Supporters of USA FREEDOM Act (Oct. 2, 2014) http://epic.org/redirect/111714-leahy-freedom-endorsements.html EPIC: In re EPIC - NSA Telephone Record Surveillance. https://epic.org/privacy/nsa/in-re-epic/ NSA Vows to Disclose Zero-Day Vulnerabilities In a November 3 speech at Stanford University, National Security Agency Director Admiral Michael Rogers announced that the NSA will no longer stockpile "zero-day exploits," or software glitches that could facilitate cyber-espionage. In the past, the NSA has kept these vulnerabilities secret for use in counterintelligence. "The default setting is if we become aware of a vulnerability, we share it," Admiral Rogers stated, adding that the NSA allows software developers to fix the glitches and keep the Internet more secure. Rogers also recognized that "'a fundamentally strong Internet is in the best interest of the U.S.'" In December 2013, the President's Review Group on Intelligence and Communications Technologies recommended that "US policy should generally move to ensure that Zero Days are quickly blocked, so that the underlying vulnerabilities are patched on US Government and other networks." The Review Group report contains 45 other similar recommendations that EPIC generally supports and that the White House has pledged to adopt. Earlier in 2014, the NSA's policies on zero-day exploits came under scrutiny when the "Heartbleed bug" threatened to undermine SSL encryption across the entire Internet. The New York Times: "N.S.A. Director Makes Another Visit to Silicon Valley" (Nov. 3, 2014) http://bits.blogs.nytimes.com/2014/11/03/n-s-a-director-makes- another-visit-to-silicon-valley/ EPIC: "White Hat, Black Hat, Bleeding Heart" (Apr. 17, 2014) http://epic.org/blog/2014/04/white-hat-black-hat-bleeding-heart.html The White House: "Liberty and Security in a Changing World" (Dec. 2013) http://epic.org/redirect/122013-WH-NSA-report.html The White House: National Action Plan Press Release (Dec. 6, 2013) http://epic.org/redirect/121113-white-house-action-release.html The Heartbleed Bug http://heartbleed.com/ EPIC: In re EPIC - NSA Telephone Records Surveillance https://epic.org/privacy/nsa/in-re-epic/ EPIC: NSPD-54 Appeal https://epic.org/foia/nsa/nspd-54/appeal/ Court Dismisses Video Privacy Case Against Redbox The Seventh Circuit Court of Appeals has ruled that a lawsuit against movie and videogame rental site Redbox will not continue. The plaintiffs in the case argued that Redbox's disclosure of personal information to a customer service center violated the Video Privacy Protection Act of 1988. The court, however, ruled that because customer service is part of Redbox's "ordinary course of business," the disclosure is permissible under the Act. The court also determined that the statute created standing and that it was unnecessary to show additional harm. Earlier in 2014, a federal court ruled that a privacy class action lawsuit against video streaming service Hulu could continue. In that case, Hulu shared user data with Facebook for advertising purposes, in violation of the VPPA. EPIC has supported the VPPA and defended the statute in Congressional testimony and "friend of the court" briefs. Seventh Circuit Court: Ruling in Sterk v. Redbox (Oct. 23, 2014) http://epic.org/redirect/111714-sterk-v-redbox.html Cornell University: Text of VPPA of 1988 http://www.law.cornell.edu/uscode/text/18/2710 US District Court of No. CA: Ruling in In re: Hulu (Apr. 28, 2014) http://www.courthousenews.com/2014/04/30/Hulu%20Order.pdf EPIC: Testimony Before US Senate re: VPPA (Jan. 31, 2012) https://epic.org/privacy/vppa/EPIC-Senate-VPPA-Testimony.pdf EPIC: "Friend of the Court" Brief in Harris v. Blockbuster (Nov. 2009) https://epic.org/amicus/blockbuster/Blockbuster_amicus.pdf EPIC: Harris v. Blockbuster https://epic.org/amicus/blockbuster/ EPIC: Video Privacy Protection Act https://epic.org/privacy/vppa/ European Privacy Groups Boycott Google Roadshow Leading European privacy organizations have turned down Google's invitations to participate in a series of events organized by the Internet giant that are designed to raise questions about a European Court of Justice decision on the right to privacy. The European Consumer Organization (BEUC), the European Digital Rights Initiative (EDRi), and Privacy International are among several of the groups not participating in the Google meetings. EU policymakers have also challenged Google for attacking a judicial decision of the EU's high court, describing the tour as a "publicity stunt." Google Advisory Council: Public Meetings on the "Right to be Forgotten" https://www.google.com/advisorycouncil/ EPIC: EU Court's Decision ("Right to Be Forgotten") (May 13, 2014) http://epic.org/privacy/google/eu/ Wall Street Journal: "In Brussels, Google Gets Roasted" (Sep. 11, 2014) http://blogs.wsj.com/digits/2014/09/11/in-brussels-google-gets- roasted/ EU Commission: Fact Sheet on the "Right to Be Forgotten" (May 2014) http://epic.org/redirect/111714-eu-forgotten-facts.html EPIC: Right to Be Forgotten https://epic.org/privacy/right-to-be-forgotten/default.html EPIC: International Privacy Law https://epic.org/privacy/intl/ EPIC: Expungement https://epic.org/privacy/expungement/ USA Today: "EU strikes a blow for privacy: Opposing view," by EPIC President Marc Rotenberg (May 14, 2014) http://www.usatoday.com/story/opinion/2014/05/14/european-union- google-privacy-epic-editorials-debates/9104063/ Post-Snowden, Social Media Users Concerned about Access to Personal Data According to the Pew Research Report "Public Perceptions of Privacy and Security in the Post-Snowden Era," most social media users are very concerned about businesses and government accessing their personal data. Eighty percent of adults polled "agree" or "strongly agree" that Americans should be concerned about the government's monitoring of phone calls and Internet communications. Sixty-four percent believe that advertisers should be more heavily regulated. Almost all users surveyed rank their Social Security number as their most sensitive piece of personal data. EPIC has asked the US House Committee on Homeland Security to suspend a DHS program that monitors social networks and media organizations, and has recommended that the FTC to establish privacy protections for online advertising. EPIC has also urged the Congress over many years to limit the use of Social Security numbers for commercial purposes. Pew Internet: Poll on Public Internet Privacy Perceptions (Nov. 2014) http://www.pewinternet.org/2014/11/12/public-privacy-perceptions/ EPIC: Letter to US House re: Social Network Monitoring (Feb. 22, 2012) http://epic.org/redirect/022912-epic-follow-letter-monitoring.html EPIC: EPIC v. Department of Homeland Security: Media Monitoring https://epic.org/foia/epic-v-dhs-media-monitoring/ EPIC: Google/DoubleClick Merger https://epic.org/privacy/ftc/google/ EPIC: Public Opinion on Privacy https://epic.org/privacy/survey/ EPIC: Facebook Privacy https://epic.org/privacy/facebook/ EPIC: Social Security Numbers https://epic.org/privacy/ssn/ ======================================================================== [7] EPIC in the News ======================================================================== "More Drones on US Borders Create Privacy Concerns for Its Neighbors." VICE News, Nov. 14, 2014. https://news.vice.com/article/more-drones-on-us-borders-create- privacy-concerns-for-its-neighbors "Feds Using Planes To Spy on American Cellphone Users." CIO Today, Nov. 14, 2014. http://www.cio-today.com/article/index.php?story_id=100001M1GRJ4 "Carmakers unite around privacy protections." Yahoo News, Nov. 13, 2014. http://news.yahoo.com/carmakers-unite-around-privacy-protections- 050326814.html "Major privacy groups back FTC in consumer data lawsuit against Wyndham." Fierce Government IT, Nov. 13, 2014. http://www.fiercegovernmentit.com/story/major-privacy-groups- back-ftc-consumer-data-lawsuit-against-wyndham/2014-11-13 "Google calls for U.S. to extend Privacy Act protections to EU citizens." The Washington Post, Nov. 12, 2014. http://www.washingtonpost.com/blogs/the-switch/wp/2014/11/12/ google-calls-for-u-s-to-extend-privacy-act-protections-to-eu- citizens/ "Survey: Americans have lost control of their personal info." USA Today, Nov. 12, 2014. http://www.usatoday.com/story/tech/2014/11/12/pew-survey-online- privacy-surveillance/18890259/ "Americans Say They Want Privacy, but Act as if They Don't." The New York Times, Nov. 12, 2014. http://www.nytimes.com/2014/11/13/upshot/americans-say-they-want- privacy-but-act-as-if-they-dont.html?_r=0&abt=0002&abg=0 "Fighting for the right to be forgotten on the Web." Los Angeles Times, Nov. 9, 2014. http://www.latimes.com/business/hiltzik/la-fi-hiltzik-20141109- column.html#page=1 "Subprime lenders can now disable your car while you're driving on the freeway." Salon, Nov. 8, 2014. http://www.salon.com/2014/11/08/subprime_lenders_can_now_disable_ your_car_while_youre_driving_on_the_freeway_partner/ "Fees After Disclosures on Supersnooping Program." Courthouse News Service, Nov. 7, 2014. http://www.courthousenews.com/2014/11/07/fees-after-disclosures- on-supersnooping-program.htm "EPIC Wins Court Ruling Against FBI's Facial-Recognition Technology." National Journal, Nov. 6, 2014. http://www.nationaljournal.com/tech/privacy-group-wins-court- ruling-against-fbi-s-facial-recognition-technology-20141106 "Facebook Reports Government Data Requests Rise 24%." Top Tech News, Nov. 5, 2014. http://www.toptechnews.com/article/index.php?story_id=013000EN1M8R "Top British Spy Warns of Terrorists' Use of Social Media." The New York Times, Nov. 4, 2014. http://www.nytimes.com/2014/11/05/world/europe/GCHQ-director-tech- companies-militants.html "Schools keep track of students' online behavior, but do parents even know?" CSO Magazine, Nov. 4, 2014. http://www.csoonline.com/article/2841969/big-data-security/schools- keep-track-of-students-online-behavior-but-do-parents-even-know.html "The Truth about Teenagers, the Internet, and Privacy." Fast Company, Nov. 4, 2014. http://www.fastcompany.com/3037962/then-and-now/the-truth-about- teenagers-the-internet-and-privacy "A Guide To Not Getting Arrested When You Use Your Cell Phone On Election Day." The Huffington Post, Nov. 3, 2014. http://www.huffingtonpost.com/2014/11/03/photo-polling-place_n_ 6095746.html?utm_hp_ref=politics "Internet voting 'not ready for prime time'." USA Today, Nov. 2, 2014. http://www.usatoday.com/story/tech/2014/11/02/internet-voting-not- secure/18269285/ "Official claims University released student emails to politicians." UWV's The Atheneum, Oct. 31, 2014. http://www.thedaonline.com/news/article_3ef852ae-60cc-11e4-aad1- 0017a43b2370.html For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================= [8] EPIC Book Review: 'Privacy Policy' ======================================================================= "Privacy Policy: The Anthology of Surveillance Poetics," Ed. Andrew Ridker. http://amzn.to/1vkBgEz This exquisite little book, perhaps the first poetry anthology dedicated to privacy and surveillance, is highly original and deeply unsettling. Editor Andrew Ridker has collected work from a wide range of poets, including major American writers like John Ashbery, Robert Pinsky and Nikki Giovanni, and, with almost deliberate casualness, created a kaleidoscope of "the timeless themes of love and trust and knowledge and death through the lens of our present techno-political crisis." What's not to like about a volume that has redactions on the back cover and organizes poems in order of the authors' Social Security numbers? The subjects range from the frankly topical (Ben Fama on Bed, Bath & Beyond and Chelsea Manning; Max Hjortsberg on drones; Andrew Durbin on PRISM and Katy Perry) to the deeply personal to the historical and mythological. EJ Koh, or at least her fictional self, exposes intimate secrets to get a security clearance ("Clearance"). Joni Wallace becomes Robert Oppenheimer ("I Am Oppenheimer"). Damion Searles ("Surveyor") channels Henry David Thoreau and pastes "Walden's" musings into an implied modern world Thoreau would have detested. Some poems (Mark Bibbins' "Witness") are about the tensions and trade-offs between nature and the words on the screen. Jorie Graham's "Honeycomb" embeds Microsoft Word arrows into its stanzas as if they were weapons to push ahead the poet's lagging thoughts. It's an overused trope that we are victims of our own technological greed, and victimization of one kind or another is perhaps too common a theme in this anthology. Also unclear is how many poems were written for the book; it would be fascinating to see these writers' prescience in older poems. But these are small quibbles for such a bold and elegant volume. Perhaps it's coincidence that the final poem corresponds with the highest author SSN, but Dan Chelotti's "Lenses" is a simple and ultimately hopeful call to return to our traditional human connections. "Humans haven't been able/to look at each other without/ lenses for a while now" Chelotti says, but nevertheless reminds us that we retain the capability to "lower/our lenses and drink the primordial air." The world, he says, while "older than any of us, is still young." -- EC Rosenberg =================================== [8] EPIC Bookstore =================================== "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75. http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore: http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= "The Right to Be Forgotten," featuring EPIC President Marc Rotenberg. NPR's "The Diane Rehm Show," Nov. 18, 2014, 10:00 EST. For More Information: http://thedianerehmshow.org/. "FUSION: Rise Up." Speaker: EPIC President Marc Rotenberg. Washington, DC: November 19, 2014. For More Information: http://www.fusionriseup.com/. "Watching the Watchers: Fighting Back in an Age of Ubiquitous Surveillance." Speaker: EPIC President Marc Rotenberg. Seattle: University of Washington, Nov. 20, 2014. For More Information: http://www.grad.washington.edu/lectures/marc-rotenberg.shtml. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Support EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/support Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government and private-sector infringement on constitutional values. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 21.21------------------------