EPIC Alert 21.23
======================================================================= E P I C A l e r t ======================================================================= Volume 21.23 December 10, 2014 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, DC http://www.epic.org/alert/epic_alert_21.23.html "Defend Privacy. Support EPIC." http://epic.org/support ========================================================================= Table of Contents ========================================================================= [1] EPIC Asks New Mexico Supreme Court to Limit Aerial Surveillance [2] EU Officials: 'Right to be Forgotten' Applies Worldwide [3] EPIC Pursues FOIA Suit on Vast Phone Record Database 'Hemisphere' [4] EPIC Uncovers DOD Student Data Collection Procedures [5] California Court Strikes Down DNA Collection Law [6] News in Brief [7] EPIC in the News [8] EPIC Book Review: "@War" [9] Upcoming Conferences and Events TAKE ACTION: Rock the Freedom of Information Act with FOIA.ROCKS! VISIT EPIC's New FOIA Domain: http://foia.rocks TWEET in Support of FOIA: #FOIAat40 LEARN about EPIC's FOIA Work: https://epic.org/foia/ SUPPORT EPIC: https://epic.org/support/ ========================================================================= [1] EPIC Asks New Mexico Supreme Court to Limit Aerial Surveillance ========================================================================= EPIC has filed a "friend of the court" brief in State v. Davis, a New Mexico Supreme Court case considering the warrantless search of private property. In the case, an Army National Guard helicopter spotted "vegetation" in Davis' backyard and greenhouse, then arrested him for possession of and growing marijuana. EPIC's brief argues that "aerial surveillance technology threatens widely shared privacy and property interests" and that warrantless surveillance in the airspace above a suspect's property is a search under the Fourth Amendment, is trespassory, and violates both property interests and an individual's reasonable expectation of privacy. "[A]s the expense and limitations of aerial surveillance from helicopters and aircraft are eliminated," EPIC wrote, "it will be necessary to establish privacy rights to protect against constant monitoring." In February 2012, EPIC led a coalition of more than 100 members of the public and consumer rights, human rights, and civil liberties organizations in petitioning the FAA to conduct a public rulemaking on the government's use of drones. EPIC's petitioned stated that "drones present a unique threat to privacy. Drones are designed to undertake constant, persistent surveillance to a degree that former methods of aerial surveillance were unable to achieve." The FAA subsequently published a notice of proposed privacy policies to govern the operation of drones in the six designated test sites. EPIC submitted comments recommending test site operators comply with the Fair Information Practices, disclose data collection and minimization practices, and subject themselves to independent audits. This month the FAA directly responded to EPIC's petition, declining to perform a separate rulemaking on the privacy and civil liberties implications of domestic drone use. EPIC also testified in front of the US House Subcommittee on Oversight, Investigations, and Management in July 2012, stating, "there are substantial legal and constitutional issues involved in the deployment of aerial drones by federal agencies that need to be addressed." EPIC: "Friend of the Court" Brief in State v. Davis (Dec. 8, 2014) http://epic.org/amicus/drones/new-mexico/davis/EPIC-Amicus-Brief.pdf EPIC: State v. Davis https://epic.org/amicus/drones/new-mexico/davis/default.html EPIC: Domestic Unmanned Aerial Vehicles (UAVs) and Drones https://epic.org/privacy/drones/ EPIC et al.: Petition to FAA re: Drones (Feb. 24, 2012) https://epic.org/privacy/drones/FAA-553e-Petition-03-08-12.pdf FAA: Response to EPIC et al. Petition (Nov. 26, 2014) https://epic.org/privacy/drones/FAA-Privacy-Rulemaking-Letter.pdf EPIC: Comments to FAA re: Test Site Program (Apr. 23, 2013) https://epic.org/apa/comments/EPIC-Drones-Comments-2013.pdf EPIC: Congressional Testimony re: Drones (Mar. 20, 2013) http://epic.org/redirect/121014-drone-testimony.html ======================================================================== [2] EU Officials: 'Right to be Forgotten' Applies Worldwide ======================================================================== Privacy regulators in the European Union have issued guidelines calling for the recent "Right to be Forgotten" ruling to apply worldwide. The guidelines, developed by the EU's Article 29 Working Party - data protection officials from each EU member state, the European Data Protection Supervisor, and the European Commission - reflect the EU's interpretation of the ruling and criteria used to evaluate "de-listing" requests. In the case Google Spain v. Gonzalez, decided in May 2014, the European Union Court of Justice ruled that an EU citizen may ask search engines to remove links to him or herself in search results. In implementing the decision, however, Google chose to remove the links for only EU domains, leaving the de-listed data accessible to most users (i.e., .com domains). The new report makes clear that the ruling should apply across all domains. "Limiting de-listing to EU domains on the grounds that users tend to access search engines via their national domains cannot be considered a sufficient means to satisfactorily guarantee the rights of data subjects according to the ruling," the Working Party explained. EPIC firmly supports the Working Party's guidelines on the "right to be forgotten." In a recent opinion piece in USA News and World Report, EPIC President Marc Rotenberg responded to the Working Party's critics, writing, "Google's position on this issue makes little sense. The company could not reasonably claim to protect a U.S. citizen's credit card details by removing links to the private information from only the google.us domain. Similarly, Google does not address the privacy problem elsewhere by only removing links from search provided for only one country." Art. 29 Working Party: Guidelines on Google v. Gonzalez (Nov. 26, 2014) http://epic.org/redirect/121014-29-google-gonzales.html ECJ: Decision in Google Spain v. Gonzalez (May 13, 2014) http://epic.org/redirect/121014-ecj-google-gonzales.html US News & World Report: "The Right to Privacy is Global," by EPIC President Marc Rotenberg (Dec. 5, 2014) http://www.usnews.com/debate-club/should-there-be-a-right-to-be- forgotten-on-the-internet/the-right-to-privacy-is-global EPIC: Right to Be Forgotten https://epic.org/privacy/right-to-be-forgotten/default.html EPIC: International Privacy Law https://epic.org/privacy/intl/ EPIC: Expungement https://epic.org/privacy/expungement/ ========================================================================= [3] EPIC Pursues FOIA Suit on Vast Phone Record Database 'Hemisphere' ========================================================================= EPIC has filed a motion for summary judgment in a Freedom of Information Act lawsuit against the Drug Enforcement Administration, citing the agency's failure to produce documents about"Hemisphere," a massive AT&T call records database available to government agents. EPIC learned of the database in 2013 when The New York Times obtained and published a PowerPoint presentation of DEA training slides, which revealed only limited information about the collection program's scope and the agencies and companies involved. According to the slides, the Hemisphere program allows law enforcement agencies to access billions of detailed phone records that pass through AT&T switches. Thus, the government may examine call "metadata" of both AT&T customers and non-customers whose calls are routed through an AT&T switch. Hemisphere records date back to 1987, and, according to the slides, law enforcement personnel may search the Hemisphere database during routine criminal investigations unrelated to national security. EPIC's initial FOIA request to the DEA asked for the legal basis and privacy impact of the Hemisphere program; any other training modules; any legal or policy memos addressing the rationale for tethering the program to judicial authority; and any communications to Congress about the program, particularly those that justify Hemisphere's privacy impact. When the DEA failed to issue a determination - that is, grant or deny EPIC's request - EPIC filed the lawsuit to compel the agency to comply with the FOIA. As a result of the lawsuit, the DEA produced several hundred pages of records, almost all of which were entirely redacted, then failed to provide EPIC with detailed descriptions of the redacted records, as required by law. EPIC's motion for summary judgment argues that the agency has failed to comply with the law. EPIC challenged the NSA's bulk collection of telephone records in a 2013 petition to the US Supreme Court, supported by legal scholars and former members of the Church Committee. EPIC's petition asked the Court to halt the disclosure of the telephone records of millions of Americans, arguing that the judicial authority claimed by the NSA did not actually have the power to compel Verizon to turn over all domestic telephone "metadata." EPIC's petition argued that an order halting the program was "warranted because the [foreign intelligence court] exceeded its statutory jurisdiction when it ordered production of millions of domestic telephone records that cannot plausibly be relevant to an authorized investigation." EPIC: Motion in EPIC v. DEA - Hemisphere (Dec. 1, 2014) https://epic.org/foia/dea/hemisphere/EPIC-Memo-MSJ.pdf EPIC: Complaint in EPIC v. DEA - Hemisphere (Feb. 26, 2014) http://epic.org/foia/dea/hemisphere/Complaint.pdf EPIC: Initial FOIA Request to DEA re: Hemisphere (Nov. 15, 2013) http://epic.org/foia/dea/EPIC-FOIA-DEA-09-25-13.pdf ONDCP: Hemisphere Training PowerPoint Slides (2013) http://s3.documentcloud.org/documents/782287/database.pdf EPIC: EPIC v. DEA - Hemisphere http://epic.org/foia/dea/hemisphere/ EPIC: In re EPIC - NSA Telephone Records Surveillance https://epic.org/privacy/nsa/in-re-epic/ EPIC: Petition to US Supreme Court (Jul. 8, 2013) https://epic.org/EPIC-FISC-Mandamus-Petition.pdf EPIC: FOIA Cases https://epic.org/foia/ ======================================================================== [4] EPIC Uncovers DOD Student Data Collection Procedures ========================================================================= The Department of Defense has provided EPIC with documents on the "Joint Advertising and Market Research Studies" (JAMRS) Recruiting Database. DOD obtains information for the database from high schools offering military aptitude tests; state DMVs; and commercial data brokers. The database includes sensitive student information, including home address and grade point average. EPIC sought these documents via the Freedom of Information Act in 2009 because they shed light on how DOD collects, retains, uses, and safeguards student information within the database. Some of the DOD documents include a interim report on JAMRS privacy and data security practices; blank sample student information sheets and test forms; detailed memoranda on safeguarding Personally Identifiable Information; and guidelines for testing. According to the documents provided to EPIC, the Defense Department uses the JAMRS database to "compile, process, and distributed files regarding potential recruit- aged youth to the Services' Recruiting Commands to assist them in their direct marketing recruiting efforts." The documents also reveal that parents demanded that DOD remove their children's records from the system, some repeatedly. In 2005, EPIC, joined by more than 100 organizations, urged then- Secretary of Defense Donald Rumsfeld to end the database because it collected unnecessary information, did not permit individuals to opt- out, and was housed at a private-sector direct marketing company. The agency now permits individuals to opt-out. Prior to the letter to Secretary Rumsfeld, EPIC and eight privacy and consumer groups wrote comments to the Defense Department, urging the agency not to create the database. EPIC's comments stated, "The DOD faces serious challenges in staffing the military. However, these challenges should be overcome through traditional advertising channels. The foray of government into direct-marketing style recruitment violates the norms of the Privacy Act and subjects Americans to risk of identity theft. The DOD should withdraw its plan to create the Joint Advertising database." EPIC: FOIA Documents on JAMRS Interim Report on JAMRS Database (2009) https://epic.org/privacy/student/doddatabase/09-F-1362-Doc-1.pdf DOD JAMRS Privacy Act SORN (Jan. 2007) https://epic.org/privacy/student/doddatabase/09-F-1362-Doc-12.pdf Armed Forces Aptitude Battery Privacy Act Statement (undated) https://epic.org/privacy/student/doddatabase/09-F-1362-Doc-8.pdf Military Testing Program Procedures and Guidelines (Dec. 2008) https://epic.org/privacy/student/doddatabase/09-F-1362-Doc-7.pdf ASVAB Career Exploration Program Exam Reservation Form (undated) https://epic.org/privacy/student/doddatabase/09-F-1362-Doc-9.pdf AK Local Educational Agency Military Testing (1999) https://epic.org/privacy/student/doddatabase/09-F-1362-Doc-6.pdf DOD Memorandum on Safeguarding PII (2006) https://epic.org/privacy/student/doddatabase/09-F-1362-Doc-4.pdf DOD Memorandum on Safeguarding Against Security Breaches (2008) https://epic.org/privacy/student/doddatabase/09-F-1362-Doc-3.pdf Parental Opt-outs of JAMRS Database (2007) https://epic.org/privacy/student/doddatabase/09-F-1362-Doc-5.pdf DOD: Joint Advertising, Market Research & Studies Recruiting Database http://epic.org/redirect/121014-jamrs.html EPIC: JAMRS FOIA Request (Jul. 2, 2009) http://epic.org/redirect/121014-jamrs-foia.html EPIC: Navy JAMRS FOIA Response (Nov. 14, 2014) http://epic.org/redirect/121014-jamrs-foia-response.html Privacy Coalition: DOD Database Campaign Coalition Letter (2005) http://privacycoalition.org/nododdatabase/letter.html EPIC: DOD Recruiting Database https://epic.org/privacy/student/doddatabase.html EPIC: Student Privacy https://epic.org/privacy/student/ ========================================================================= [5] California Court Strikes Down DNA Collection Law ========================================================================= A California state appeals court has struck down a state law requiring collection of DNA from all individuals arrested on suspicion of committing a felony. California's First District Court of Appeals ruled that the DNA and Forensic Identification Data Base and Data Bank Act of 1998, or DNA Act, intrudes on an arrestee's expectation of privacy, and is an unreasonable search and seizure prohibited by the state's constitution. The case was remanded from the California Supreme Court, which asked the appeals court to reconsider it following the US Supreme Court's ruling in Maryland v. King. The appeals court, however, concluded that Maryland v. King was not applicable and that the California Constitution controlled the decision. California's DNA Act, unlike Maryland's law, requires the police to collect DNA samples immediately after arrest, even before arrestees are charged, much less convicted, of any crime. Arrestees that have not been charged with a crime have an expectation of privacy "closer to the ordinary citizen end of the continuum . . . ," the court said, also noting that "in 2012 . . . 62 percent of felony arrestees who were not ultimately convicted - almost 20 percent of total felony arrestees - were never even charged with a crime." According to the appeals court, the absence of automatic expungement procedures for DNA samples "increases the privacy intrusion because DNA profiles and samples are likely to remain available to the government for some period of time after the justification for their collection has disappeared, potentially indefinitely." Thus, the court concluded, "'the mere fact that law enforcement may be made more efficient can never by itself justify disregard of the Fourth Amendment. . .' is all the more obvious under the California Constitution, which expressly recognizes a right to privacy, and even more so in the context of a search of such deeply personal and private information as is contained in a DNA sample." EPIC is a strong supporter of genetic privacy and has filed "friend of the court" briefs in a number of DNA cases. In 2013 EPIC submitted a brief to the US Supreme Court in Maryland v. King, arguing that the government's collection of DNA presents a risk to individual privacy. CA State Appeals Court: Opinion in State DNA Law Case (Dec. 3, 2014) http://www.courts.ca.gov/opinions/documents/A125542A.PDF EPIC: "Friend of the Court" Brief in Maryland v. King (Feb. 1, 2013) https://epic.org/amicus/dna-act/maryland/EPIC-Amicus-Brief.pdf EPIC: Maryland v. King https://epic.org/amicus/dna-act/maryland/ EPIC: Maryland v. Raines https://epic.org/privacy/genetic/raines_amicus.pdf EPIC: Kohler v Englade https://epic.org/privacy/kohler/ EPIC: US v. Kincade https://epic.org/privacy/kincade/default.html EPIC: Herring v. US https://epic.org/privacy/herring/ EPIC: Genetic Privacy https://epic.org/privacy/genetic/ ======================================================================== [6] News in Brief ======================================================================== Facebook Revises Privacy Policy - Again Facebook has again revised its privacy policy. Despite the new graphics, Facebook continues to collect and disclose enormous amounts of user data without meaningful consent and contrary to a 2011 settlement with the FTC. Specifically, Facebook's use of location data has expanded dramatically. "We collect information from or about the computers, phones, or other devices where you install or access our Services," states Facebook, particularly "device locations, including specific geographic locations, such as through GPS, Bluetooth, or Wi-Fi signals." Facebook's 20-year consent decree with the Federal Trade Commission is a consequence of a complaint brought by EPIC and a coalition of consumer privacy organizations when the company changed user privacy settings. More recently, consumer organizations in the US and Europe have objected to Facebook's decision to track users' web activities and to profile offline purchases. Privacy groups have also objected to Facebook's manipulation of user news feeds. Facebook: Privacy Policy https://www.facebook.com/about/basics/ FTC: Facebook Consent Order (Nov. 29, 2014) http://ftc.gov/os/caselist/0923184/111129facebookagree.pdf EPIC: Complaint to FTC in In re Facebook (Dec. 17, 2009) https://epic.org/privacy/inrefacebook/EPIC-FacebookComplaint.pdf TACD: Letter to FTC re: Facebook (Jul. 29, 2014) http://epic.org/redirect/121014-tacd-facebook.html EPIC: Complaint to FTC re: Facebook Psychological Study (Jul. 3, 2014) https://epic.org/privacy/internet/ftc/facebook/psycho/ EPIC: Facebook Privacy https://epic.org/privacy/facebook/ EPIC: In re Facebook https://epic.org/privacy/inrefacebook/ UN Urges All Countries to Protect Digital Privacy The United Nations has adopted a resolution on "The Right to Privacy in the Digital Age" that reaffirms the rights and freedoms embodied in the Universal Declaration of Human Rights. The UN resolution highlights the risks of mass surveillance and warns that so- called "metadata" "can reveal personal information and can give an insight into an individual's behavior, social relationships, private preferences and identity." Earlier in 2014, in a joint submission to the United Nations, EPIC, NYU's Brennan Center for Justice, and other public interest organizations urged the UN Human Rights Council to review US surveillance programs. The letter stated that US surveillance activities "violate the rights to privacy, freedom of expression, and the freedom of peaceful assembly and association . . ." guaranteed by the Universal Declaration of Human Rights. UN: Resolution: "Right to Privacy in the Digital Age" (Nov. 19, 2014) http://www.un.org/ga/search/view_doc.asp?symbol=A/C.3/69/L.26/Rev.1 EPIC et al.: Coalition Letter to UN (Sep. 18, 2014) https://epic.org/privacy/intl/Joint-UPR-Submission-to-UN-HRC.pdf EPIC: Council of Europe Privacy Convention https://epic.org/privacy/intl/coeconvention/ The Public Voice: The Madrid Privacy Declaration (Nov. 3, 2009) http://thepublicvoice.org/madrid-declaration/ British Court Upholds Mass Surveillance by UK Spy Agency The Investigatory Powers Tribunal, which reviews complaints of unlawful surveillance by Britain's intelligence agencies, has ruled that mass collection of online communications is legal. The complaint was brought by several privacy rights groups in the UK and focused on GCHQ's electronic surveillance program, TEMPORA, and information the UK spy agency obtained through the NSA's PRISM and Upstream programs. The privacy rights groups plan to appeal the decision to the European Court of Human Rights. EPIC challenged the NSA's mass surveillance of US phone records in a 2013 petition to the US Supreme Court. EPIC's petition argued that the Foreign Intelligence Surveillance Court exceeded its authority when it ordered Verizon to turn over all customer records to the NSA, and was supported by legal scholars and former members of the Church Committee. UK Investigatory Powers Tribunal http://www.ipt-uk.com/">http://www.ipt-uk.com/ IPT-UK: Ruling in Liberty v. GCHQ (Dec. 5, 2014) http://www.ipt-uk.com/docs/IPT_13_168-173_H.pdf EPIC: Petition to US Supreme Court (Jul. 8, 2013) https://epic.org/EPIC-FISC-Mandamus-Petition.pdf EPIC: In re EPIC- NSA Telephone Records Surveillance https://epic.org/privacy/nsa/in-re-epic/ EPIC: Foreign Intelligence Surveillance Act Reform https://epic.org/privacy/terrorism/fisa/reform/ Congress Considers Bill to Strengthen Privacy Act Representative Gerry Connolly (D-VA) has introduced legislation to update the federal Privacy Act. The "Safeguarding Individual Privacy Against Government Invasion Act of 2014 (HR 5772)" would compensate individuals for "non-pecuniary" harms after Privacy Act violations. The proposal is a response to FAA v. Cooper, a 2012 US Supreme Court decision holding that the Privacy Act does not cover mental and emotional damages. EPIC filed a "friend of the court" brief in that case, explaining that privacy laws routinely provide recovery for mental and emotional harm; that such damages are the most common consequence of privacy violations; and that civil remedies are necessary to ensure Privacy Act enforcement. Following the decision in FAA v. Cooper, EPIC set out proposals to strengthen the Privacy Act. EPIC also recently recommended that the President's Privacy and Civil Liberties Oversight Board prioritize Privacy Act enforcement. US Congress: Text of HR 5772 (Dec. 1, 2014) https://www.congress.gov/bill/113th-congress/house-bill/5772/text US Supreme Court: Decision in FAA v. Cooper (Mar. 28, 2012) http://www.supremecourt.gov/opinions/11pdf/10-1024.pdf EPIC: "Friend of the Court" Brief in FAA v. Cooper (Oct. 4, 2011) https://epic.org/amicus/cooper/Cooper-EPIC-Brief.pdf EPIC: Supplemental Letter on Privacy Act Bill (May 14, 2012) http://epic.org/redirect/052912-epic-privacy-act-supplement.html EPIC: Letter on Privacy Act Modernization Bill (Mar. 27, 2012) http://epic.org/redirect/052912-epic-privacy-act-letter.html EPIC: Letter to PCLOB on "Defining Privacy" (Nov. 11, 2014) https://epic.org/open_gov/EPIC-Ltr-PCLOB-Defining-Privacy-Nov-11.pdf EPIC: FAA v. Cooper https://epic.org/amicus/cooper/ EPIC: Doe v. Chao https://epic.org/privacy/chao/ EPIC: The Privacy Act of 1974 https://epic.org/privacy/1974act/ FAA Grounds Drone Privacy Safeguards The Federal Aviation Administration has denied a 2012 EPIC-led petition to initiate a public rulemaking addressing privacy and civil liberties issues posed by domestic drones. In a letter to EPIC, the agency stated it was not required to solicit public comments on the privacy implications of drones because privacy was "not an immediate safety concern." In March 2012, EPIC, joined by over 100 other organizations, experts, and members of the public, petitioned the FAA to "conduct a notice and comment rulemaking on the impact of privacy and civil liberties related to the use of drones in the United States." The agency subsequently published a notice with proposed privacy requirements for drone operators at FAA-designated drone test sites, and EPIC submitted comments in response to the notice, urging the agency to mandate minimum privacy standards for drone operators. After considering numerous public comments on the privacy impact of aerial drones, the FAA proposed that test-site operators develop privacy policies but did not require any specific baseline privacy standards. EPIC: Letter from FAA Denying Petition (Nov. 26, 2014) https://epic.org/privacy/drones/FAA-Privacy-Rulemaking-Letter.pdf EPIC et al.: Petition to FAA re: Drone Privacy (Feb. 24, 2012) https://epic.org/privacy/drones/FAA-553e-Petition-03-08-12.pdf EPIC: Comments to FAA re: Drone Privacy Rulemaking (Apr. 23, 2013) https://epic.org/apa/comments/EPIC-Drones-Comments-2013.pdf FAA: Rulemaking on Drone Privacy (Nov. 14, 2013) http://www.gpo.gov/fdsys/pkg/FR-2013-11-14/pdf/2013-27216.pdf EPIC: Domestic Drones https://epic.org/privacy/drones/ EPIC: Spotlight on Surveillance: Drones - Eyes in the Sky https://epic.org/privacy/surveillance/spotlight/1014/drones.html Pew Survey: Americans Wrongly Believe Privacy Policies Protect Privacy According to a new Pew Survey, over 50% of US Internet users believe privacy policies protect their personal information. The survey posed the True/False statement, "When a company posts a privacy policy, it ensures that the company keeps confidential all the information it collects on users." Fifty-two percent of users incorrectly answered, "True." The question was based on a similar 2003 survey, which found that 57% of users believed privacy policies protected their information. In EPIC's 1999 survey on online privacy, "Surfer Beware III: Personal Privacy and the Internet", EPIC "found that the privacy policies available at many websites are typically confusing, incomplete, and inconsistent." The original EPIC survey "Surfer Beware: Personal Privacy and the Internet" (1997) was the first ever undertaken of Internet privacy practices. EPIC wrote at the time, "it is matter of basic fairness to inform web users when personal information is being collected and how it will be used." Pew Internet: Survey on Internet Privacy Policies (Nov. 25, 2014) http://www.pewinternet.org/files/2014/11/PI_Web-IQ_112514_PDF.pdf UC Berkeley: Paper on Internet Users and Privacy Policies (Oct. 2007) http://epic.org/redirect/121014-2007-privacy-policy.html EPIC: "Surfer Beware III" (Dec. 1999) https://epic.org/reports/surfer-beware3.html EPIC: "Surfer Beware: Personal Privacy and the Internet" (Jun. 1997) https://epic.org/reports/surfer-beware.html EPIC: Public Opinion on Privacy https://epic.org/privacy/survey/ ======================================================================== [7] EPIC in the News ======================================================================== "3 Questions to Ask Before Putting Cameras on Cops." Yahoo Tech, Dec. 9, 2014. https://www.yahoo.com/tech/3-questions-to-ask-before-putting- cameras-on-cops-104709587714.html "Privacy argument proves tough sell in Coeur d'Alene woman's NSA case." The Spokesman-Review (ID), Dec. 9, 2014. http://www.spokesman.com/stories/2014/dec/09/privacy-argument- proves-tough-sell-in-coeur/ "Congress finds sorting Fast and Furious records 'like pieces of a puzzle'." Cronkite News (AZ), Dec. 7, 2014. http://cronkitenewsonline.com/2014/12/congress-finds-sorting-fast- and-furious-documents-like-pieces-of-a-puzzle/ "NSA Hacking of Cell Phone Networks." Lawfare, Dec. 8, 2014. http://www.lawfareblog.com/2014/12/nsa-hacking-of-cell-phone- networks/ "The 5 Worst Big Data Privacy Risks (and How to Guard Against Them)." CIO, Dec. 8, 2014. http://www.cio.com/article/2856266/data-protection/the-5-worst- big-data-privacy-risks-and-how-to-guard-against-them.html "Usage of police surveillance data concerns privacy groups." Peoria Star-Journal, Dec. 7, 2014. http://www.pjstar.com/article/20141207/News/141209301 US News & World Report: "The Right to Privacy is Global," by EPIC President Marc Rotenberg (Dec. 5, 2014) http://www.usnews.com/debate-club/should-there-be-a-right-to-be- forgotten-on-the-internet/the-right-to-privacy-is-global "Google to revamp its products with 12-and-younger focus." USA Today, Dec. 3, 2014. http://www.usatoday.com/story/tech/2014/12/03/google-products- revamped-for-under-13-crowd/19803447/ "FAA Grounds Drone Privacy Safeguards." Law360, Dec. 2, 2014. http://www.law360.com/articles/600719/faa-grounds-drone-privacy- safeguards "Why the FAA Isn't Worried About Drones Invading Your Privacy Right Now." Gizmodo, Dec. 2, 2014. http://gizmodo.com/why-the-faa-isnt-worried-about-drones-invading- your-pri-1665794268 "The biggest privacy outrages in 2014." Los Angeles Times, Dec. 1, 2014. http://www.latimes.com/opinion/opinion-la/la-ol-privacy-outrages- of-2014-20141126-story.html#page=1 "Car Talk: Sharp Turns Ahead." The National Law Journal, Dec. 1, 2014. http://www.nationallawjournal.com/id=1202677551065/Car-Talk-Sharp- Turns-Ahead?mcode=1202615705846&slreturn=20141101123029 "How Social Media Data in Behavior Studies Leads to Bad Science." Utah People's Post, Nov. 28, 2014. http://www.utahpeoplespost.com/2014/11/social-media-data-behavior- studies-leads-bad-science/ "Data can tell you want to quit or that you're not right for the job." The Kansas City Star, Nov. 28, 2014. http://www.kansascity.com/news/business/article4188940.html "Scientists Warn About Bias In The Facebook And Twitter Data Used In Millions Of Studies." Forbes, Nov. 27, 2014. http://www.forbes.com/sites/bridaineparnell/2014/11/27/scientists- warn-about-bias-in-the-facebook-and-twitter-data-used-in-millions- of-studies/ "EU May Ask Google to Extend 'Right to Be Forgotten' Beyond Europe." EWeek, Nov. 26, 2014. http://www.eweek.com/security/eu-may-ask-google-to-extend-right- to-be-forgotten-beyond-europe.html "Twitter's Data Grab: Company Wants To Know What Other Apps Users Install." MediaPost, Nov. 26, 2014. http://www.mediapost.com/publications/article/239054/twitters- data-grab-company-wants-to-know-what-ot.html For More EPIC in the News: http://epic.org/news/epic_in_news.html ======================================================================= [8] EPIC Book Review: '@War' ======================================================================= "@War: The Rise of the Military-Internet Complex," Shane Harris http://amzn.to/1zMoInP Journalist Shane Harris has authored an intriguing account of the rise of what he has dubbed the "military-Internet complex." "@War" chronicles the US government's ever-intensifying focus on cyberspace as the "fifth domain" of warfare - adding it to land, air, sea, and space. General Keith Alexander and Vice Admiral Mike McConnell play central roles in pushing for a greater focus on cyber operations and greater power for the NSA to perform them. Harris begins Part I of the book explaining how the war in Iraq was partly the first cyber war - and one led, however covertly, by the NSA. During the "surge" in Iraq, the US government used malicious computer viruses and other hacking techniques to track, manipulate, and subvert the insurgents. To accomplish this, Harris explains, "the NSA would have to infect not just insurgents' phones and computers with malware but potentially many other innocent Iraqis' devices, too." The account of cyber operations in Iraq acts as the pivot point in the story of the government's development of a cyber army to not only fight wars but also dominate cyberspace to collect intelligence. Part II covers the private sector's increasing focus of on cybersecurity and the growing cooperation between the government and private industry. The author details this rise through accounts of high-level government meetings, sophisticated hacks of US companies, and government and private industry cyber operations. Harris recounts Vice Admiral McConnell selling President George W. Bush on cyberwar in Iraq, the turf war over domestic cyber defense between the NSA and the Department of Homeland Security, and the sophisticated hack on Google networks that led the company to publicly identify China as the perpetrator. The end result is a military-Internet complex rivaling the "military- industrial complex" President Dwight Eisenhower predicted more than half a century ago. @War is a well-written, well-researched look into the growth of cyber conflict. The book lays bare the close relationship between Internet companies and the US government. Harris suggests the rules of cyberspace are not set but are quickly being defined by the military- Internet complex, which will have implications for our privacy and our freedom. As Harris states, "It's incumbent on everyone who touches cyberspace - which is undeniably a collective - to find what Eisenhower called 'essential agreement on issues of great moment, the wise resolution of which will better shape the future of the nation.'" -- Jeramie D. Scott =================================== EPIC Bookstore =================================== "Litigation Under the Federal Open Government Laws 2010," edited by Harry A. Hammitt, Marc Rotenberg, John A. Verdi, Ginger McCall, and Mark S. Zaid (EPIC 2010). Price: $75. http://epic.org/bookstore/foia2010/ Litigation Under the Federal Open Government Laws is the most comprehensive, authoritative discussion of the federal open access laws. This updated version includes new material regarding President Obama's 2009 memo on Open Government, Attorney General Holder's March 2009 memo on FOIA Guidance, and the new executive order on declassification. The standard reference work includes in-depth analysis of litigation under: the Freedom of Information Act, the Privacy Act, the Federal Advisory Committee Act, and the Government in the Sunshine Act. The fully updated 2010 volume is the 25th edition of the manual that lawyers, journalists and researchers have relied on for more than 25 years. ================================ "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, and constitutional values can be ordered at: EPIC Bookstore: http://www.epic.org/bookstore ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: http://mailman.epic.org/mailman/listinfo/foia_notes ======================================================================= [9] Upcoming Conferences and Events ======================================================================= Performance of "Interrogation (or How I Learned to Stop Worrying and Love the NSA)." By John Feffer, Directed by Matty Griffiths. Discussion afterwords with EPIC Executive Director Marc Rotenberg. Busboys and Poets, Washington, DC. December 11, 2014. For More Information: http://www.busboysandpoets.com/events/event/performance-of-interrogation. "Computers, Privacy, and Data Protection." Brussels: January 21-23, 2015. For More Information: http://www.cpdpconferences.org/. "EPIC 2015 International Champion of Freedom Award." Brussels: January 22, 2015. For More Information: http://www.cpdpconferences.org/. ======================================================================= Join EPIC on Facebook and Twitter ======================================================================= Join the Electronic Privacy Information Center on Facebook and Twitter: http://facebook.com/epicprivacy http://epic.org/facebook http://twitter.com/epicprivacy Start a discussion on privacy. Let us know your thoughts. Stay up to date with EPIC's events. Support EPIC. ======================================================================= Privacy Policy ======================================================================= The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================= About EPIC ======================================================================= The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================= Support EPIC ======================================================================= If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave. NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/support Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government and private-sector infringement on constitutional values. ======================================================================= Subscription Information ======================================================================= Subscribe/unsubscribe via web interface: http://mailman.epic.org/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ------------------------- END EPIC Alert 21.23------------------------