EPIC logo

                          E P I C  A l e r t
Volume 10.05                                             March 10, 2003

                           Published by the
             Electronic Privacy Information Center (EPIC)
                           Washington, D.C.

Table of Contents

[1] EPIC Obtains Total Information Awareness Contractor Documents
[2] Appeals Court Strikes Down Internet Censorship Law (Again)
[3] Supreme Court Upholds Megan's Laws, Passes on FOIA Case
[4] Disclosure of Air Travel Passenger Data Violates EU Privacy Laws
[5] EPIC Comments on Biometrics Specification, Air Travel Database
[6] National Intelligence Systems Used for Diplomatic Surveillance
[7] EPIC Bookstore: Federal Access to Info. and Privacy Legislation
[8] Upcoming Conferences and Events

[1] EPIC Obtains Total Information Awareness Contractor Documents

EPIC has obtained contractor documents for the Total Information
Awareness program following a Freedom of Information Act lawsuit
against the Defense Department.  EPIC v. Department of Defense, No.
02-1233 (D.D.C. 2002).  This is the first release of documents under
this request.  EPIC anticipates the receipt of further documents
covering various aspects of DARPA's data mining activities and the
Total Information Awareness program over the next few months.  EPIC
will make these documents available as they are received.

The first batch of documents are letters concerning contracts awarded
to various companies that submitted projects for grants under DARPA's
solicitation notice, BAA-02-08, which was published on March 21, 2002.
The letters, signed by Admiral John Poindexter, state either approval
or rejection of each research project, and provide information on
contractors, project titles, and if approved, the government contact
for the project.  A separate set of documents show how much funding
certain proposals received.  Of the 180, there are 26 approval
letters, and there is currently budget information available on 15
contracts.  The list of contractors who sought funding range from
large corporations, including Lockheed Martin and Raytheon, to small
technology start-ups and large research universities.

According to the Defense Department notice, the main focus of the
Total Information Awareness program is to build "usable tools, rather
than demonstrations."  The notice states that "[t]he idea is to enable
our partners in the intelligence community to evaluate new technology
and pick it up for experimental use and transition, as appropriate."
The government contacts listed in the letters indicate potential users
or developers of the technology.  The contacts are from three branches
of the Defense Department: the Air Force Research Laboratory, the
Navy's Space and Naval Warfare Systems (SPAWAR), and DARPA Information
Awareness Office itself.  In addition, funding for three approved
projects comes from the Information Exploitation Office of DARPA.  The
Air Force Research Laboratory's "Information Directorate" based in
Rome, NY was developing elements of Total Information Awareness
technology under Douglas Dyer, who has now moved to DARPA and is also
the author of BAA-02-08.  The Navy's SPAWAR program also appears
interested in developing large-scale repository and data mining
capabilities.  It is not clear how these technologies might be useful
for the Air Force and Navy in their respective "battlespaces," or why
they are funding the development of domestic surveillance

Total Information Awareness contractor data is available at:


An analysis of the contractor letters and data is available at:


EPIC's Total Information Awareness page:


[2] Appeals Court Strikes Down Internet Censorship Law (Again)

The U.S. Court of Appeals for the Third Circuit has, for the second
time, ruled that the Child Online Protection Act (COPA) is
unconstitutional.  In a decision issued on March 6, the court found
that the law violates the First Amendment because it improperly
restricts access to a substantial amount of online speech that is
lawful for adults to receive.  The decision follows a Supreme Court
decision issued in May 2002 that sent the case back to the appeals
court, which had previously ruled that COPA was unconstitutional.

COPA, signed into law in October 1998, makes it a federal crime to use
the Internet to communicate "for commercial purposes" material
considered "harmful to minors," with penalties of up to $150,000 for
each day of violation and up to six months in prison.  Civil liberties
groups, including the American Civil Liberties Union and EPIC,
challenged the law shortly after its passage, arguing that COPA
violates the First Amendment.  In February 1999, the federal district
court in Philadelphia issued an injunction preventing the government
from enforcing COPA.  The Third Circuit Court of Appeals affirmed in
June 2000, but the Supreme Court questioned the validity of the only
conclusion reached by the appellate court -- that COPA's reliance on
"community standards" renders the law unconstitutional.

Compliance with COPA would require Web sites to obtain identification
and age verification from visitors, a feature of the law that EPIC has
argued threatens online privacy and anonymity.  In its new decision,
the appeals court specifically addressed this issue:

     We agree . . . that COPA will likely deter many adults
     from accessing restricted content, because many Web users
     are simply unwilling to provide identification information
     in order to gain access to content, especially where the
     information they wish to access is sensitive or
     controversial. People may fear to transmit their personal
     information, and may also fear that their personal,
     identifying information will be collected and stored in
     the records of various Web sites or providers of adult
     identification numbers.

     The Supreme Court has disapproved of content-based
     restrictions that require recipients to identify themselves
     affirmatively before being granted access to disfavored
     speech, because such restrictions can have an impermissible
     chilling effect on those would-be recipients.

It is likely that the Justice Department will again seek Supreme Court
review of the case.

The Third Circuit decision is available at:


EPIC's COPA Litigation Page:


[3] Supreme Court Upholds Megan's Laws, Passes on FOIA Case

The Supreme Court ruled on March 5 that the Alaska Megan's Law
statute, which requires sex offenders to have their pictures and
addresses put on the Internet, does not violate the Ex Post Facto
clause of the Constitution (even though it was retroactively applied)
because the statute is a non-punitive civil regulation.  EPIC filed an
amicus curiae brief, arguing that the mandatory online dissemination
of sex offender information is excessive when weighed against the
statutory purpose of protecting people in the geographic vicinity of
released offenders, and therefore unconstitutional.  Justice Kennedy,
writing for a five-member majority in Smith v. Doe, held that the
purpose of the statute was to inform the public and also that it was
non-punitive. In response to the claim that the online dissemination
exceeded the statutory purpose, Justice Kennedy wrote:

     The fact that Alaska posts the information on the Internet
     does not alter our conclusion.  It must be acknowledged that
     notice of a criminal conviction subjects the offender to
     public shame, the humiliation increasing in proportion to
     the extent of the publicity.  And the geographic reach of
     the Internet is greater than anything which could have been
     designed in colonial times.  These facts do not render
     Internet notification punitive.  The purpose and the
     principal effect of notification are to inform the public
     for its own safety, not to humiliate the offender.
     Widespread public access is necessary for the efficacy of
     the scheme, and the attendant humiliation is but a
     collateral consequence of a valid regulation.

     The State's Web site does not provide the public with means
     to shame the offender by, say, posting comments underneath
     his record.  An individual seeking the information must take
     the initial step of going to the Department of Public
     Safety's Web site, proceed to the sex offender registry,
     and then look up the desired information.  The process is
     more analogous to a visit to an official archive of
     criminal records than it is to a scheme forcing an offender
     to appear in public with some visible badge of past
     criminality.  The Internet makes the document search more
     efficient, cost effective, and convenient for Alaska's

Justice Souter filed a concurring opinion.  Justice Stevens and
Justice Ginsburg, joined by Justice Breyer, wrote dissenting opinions.
Justice Stevens said:

     The statutes impose significant affirmative obligations and
     a severe stigma on every person to whom they apply. In
     Alaska, an offender who has served his sentence for a
     single, nonaggravated crime must provide local law
     enforcement authorities with extensive personal information
     -- including his address, his place of employment, the
     address of his employer, the license plate number and make
     and model of any car to which he has access, a current
     photo, identifying features, and medical treatment -- at
     least once a year for 15 years.  If one has been convicted
     of an aggravated offense or more than one offense, he must
     report this same information at least quarterly for life.
     Moreover, if he moves, he has one working day to provide
     updated information.  Registrants may not shave their
     beards, color their hair, change their employer, or borrow
     a car without reporting those events to the authorities.
     Much of this registration information is placed on the
     Internet.  In Alaska, the registrant's face appears on a
     webpage under the label "Registered Sex Offender." His
     physical description, street address, employer address,
     and conviction information are also displayed on this page.

Justice Ginsburg wrote:

     I would hold Alaska's Act punitive in effect. Beyond doubt,
     the Act involves an "affirmative disability or restraint."
     As Justice Stevens and Justice Souter spell out, Alaska's
     Act imposes onerous and intrusive obligations on convicted
     sex offenders; and it exposes registrants, through aggressive
     public notification of their crimes, to profound humiliation
     and community-wide ostracism. . . .

In a related case, Connecticut Dept. of Public Safety v. Doe, the
Court unanimously held that inclusion in a public sex offender
registry, without a separate hearing on the offender's risk to the
community, does not violate the Due Process Clause of the

In a separate matter, the Supreme Court has decided not to consider a
pending case that pitted gun owner privacy interests against the
public's right to know.  The Court was scheduled to hear oral
arguments in Department of Justice v. City of Chicago on March 4, but
has sent the case back to the lower court to consider the effect of a
recently enacted legislative provision that prohibits the Bureau of
Alcohol, Tobacco and Firearms from expending funds to disclose records
concerning gun ownership.  The records had been sought by the City of
Chicago in a case concerning civil liability for gun manufactures.
EPIC filed an amicus brief in the case arguing that, through the use
of technology, the government could encode personal information before
releasing it, thereby permitting public access to records in the
government's permission while still protecting individual privacy
rights.  The EPIC brief was joined by 16 legal scholars and technical

Smith v. Doe, No. 01-729 (U.S., March 5, 2003):


Brief of Amicus Curiae EPIC, Smith v. Doe:


Connecticut Department of Public Safety v. Doe, No. 01-1231 (U.S.,
March 5, 2003):


EPIC's page on Sex Offender Registries:


Brief of Amicus Curiae EPIC, Dept. of Justice v. Chicago:


[4] Disclosure of Air Travel Passenger Data Violates EU Privacy Laws

Due to an interim arrangement enacted on March 5 between the European
Commission and the United States Customs Department, European airlines
are now required to provide U.S. Customs with full access to their
passenger data.  As outlined in the EU-U.S. joint statement of
February 17-18, U.S. Customs will now be able to request all passenger
data stored by European airlines.  The transfer of data is not
restricted to name, address or flight number; it also covers all other
data collected about passengers, such as credit card number, etc. This
includes sensitive and potentially stigmatic data, such as meal
choice, which might reveal medical problems, ethnicity, or religion,
for example.  The U.S. is even considering requiring the collection of
biometric data from European citizens who participate in the Visa
Waiver program (which applies to most European citizens, providing
them with a visa issued by U.S. Customs when they first enter a U.S.
airport).  Customs could therefore potentially require European
citizens to provide their fingerprints in order to enter the United

In exchange for the United States' promise to safeguard the privacy of
European Citizens, the European Commission urged data protection
authorities of European member states not to intervene when European
airlines provide US Customs with the requested data.  EPIC argues that
these requests violate European privacy laws.  Since the requests
involve systematic collection of data from all passengers, they are
excessive.  Collected data might be forwarded to any federal or local
law enforcement agency for several different purposes, not restricted
to combating terrorism.  The United States' promises of safeguarding
the data are vague, and therefore weak.  There is no supervisory body
to oversee these safeguards, and European airline companies will be
forced to act like law enforcement agencies.  Further, even the legal
basis for this arrangement is not backed by European Law.

For more information, see EPIC's new Web page on Surveillance of
European Air Travelers:

EPIC's Air Travel Privacy page:


[5] EPIC Comments on Biometrics Specification, Air Travel Database

On February 28, EPIC submitted comments on the Organization for the
Advancement of Structured Information Standards (OASIS) XML Common
Biometric Format (XCBF) 1.0 Committee Specification.  Biometrics
entail automated methods of recognizing a person based on
physiological or behavioral characteristics and measurements, and are
used to recognize the identity of an individual or to verify a claimed
identity.  XCBF offers a standard XML schema for biometrics, which
describes information that verifies identity based on unique human
characteristics, including fingerprints, iris scans, hand geometry,
and DNA.

Drawing a distinction between security and privacy, EPIC's comments
stated that while the specification may respect security standards, it
cannot be fairly or accurately described as respecting privacy.
Technologies or protocols that respect privacy assist in minimizing or
eliminating the collection of personally identifiable information.
Technologies that respect security may prevent unauthorized parties
from gaining access to protected data, but the OASIS specification
says nothing about the how the information will be used or whether
authorized parties will use information in a way that is detrimental
to the interests of the data subject.  EPIC underscored that
techniques that enable the collection of personally identifiable
information in the absence of enforceable legal rights or technical
safeguards necessarily create a new risk that personal information
will be misused.  Because standardization of biometric data in
machine-readable format makes massive and efficient automated data
aggregation techniques much simpler, EPIC recommended further research
into implementing privacy safeguards within the protocol.

EPIC also recently submitted comments to the National Highway Traffic
Safety Administration (NHTSA) regarding their role in the development
and installation of Event Data Recorders (EDRs), or "black boxes," in
motor vehicles.  Event data recorders (EDRs) are electronic "black
boxes" that collect and store information about the operation of a
motor vehicle.  The data recorded might include the date, time,
velocity, direction, number of occupants, airbag data, and seat belt
use.  The devices might even include location data, which raises
additional significant privacy issues.  In addition, there are open
questions about how the data can be accessed, recorded and
transmitted.  There are several different types of EDRs in the market,
ranging from the Vetronix system, which is installed in cars produced
by General Motors, to the more elaborate MacBox system currently being
tested by the Drive Atlanta project at the Georgia Institute of
Technology.  Each type of device collects different kinds of data for
different purposes. Advocates of EDR technology suggest that the
information might be useful in accident reconstruction and developing
safer vehicles through "real world" testing.  Insurance companies want
the data to settle claims expeditiously.  These companies, along with
car rental agencies and others, have also demonstrated interest in
obtaining this data in support of efforts to control driving behavior
through surveillance.

EPIC's comments, submitted on February 24, recommended that the
collection of driving-related information through EDRs must follow
Fair Information Practices, and that the NHTSA must under no
circumstances mandate the use of EDRs without a framework of strong
privacy safeguards.  The privacy issue concerns not just who "owns,"
i.e. controls, the use of the data (which should be the operator of
the vehicle), but the entire set of information practices, including
how the data is collected, processed, transmitted and stored.  The
Organization for Economic Cooperation and Development developed robust
privacy guidelines in 1980, which have been adopted by several
countries, government agencies, and corporations.  These guidelines
provide an effective framework for addressing the privacy issues
surrounding automobile black boxes, as they provide strong,
technology-neutral privacy rules.  A strong privacy framework might
further any public safety interests that the agency has in EDR
technology, by promoting adoption of the technology by drivers who do
not feel that the presence of these monitoring devices is a risk.  The
comments encouraged the agency to engage in further public discussions
to develop a Fair Information Practices framework covering the use of
automobile black boxes.

OASIS XML Common Biometric Format 1.0 Committee Specification:


EPIC's comments on the specification:

For more information on biometrics, see EPIC's Biometrics page:


EPIC's comments on Event Data Recorders:


NHTSA Docket 2002-13546, Request for Comments:


[6] National Intelligence Systems Used for Diplomatic Surveillance

According to a leaked January 31 National Security Agency (NSA) e-mail
memorandum sent to Britain's Government Communications Headquarters
(GCHQ), the NSA's chief of staff of Regional Targeting, Frank Koza,
requested the British to supplement NSA's electronic surveillance
coverage of the communications of the UN missions of UN Security
Council members and other nations.  The memorandum, which was obtained
by The Observer newspaper, stated the NSA was particularly interested
in an intelligence "surge" directed against the communications of
Angola, Cameroon, Chile, Bulgaria and Guinea, with an "extra focus"
exerted on Pakistan.  In addition to members of the Security Council,
the NSA memo states, "We have a lot of special UN-related diplomatic
coverage (various UN delegations) from countries not sitting on the
UNSC right now that could contribute related perspectives/insights/
whatever.  We recognize that we can't afford to ignore this possible

On March 9, it was reported that a 28-year old GCHQ employee was
arrested last week for violating the Official Secrets Act.  Under the
Act, the leaker or leakers involved with providing The Observer with
the classified memorandum can be charged, as well as the newspaper and
its reporters for publishing the document.

Although NSA surveillance of foreign communications and diplomatic
missions in the United States violate neither the NSA charter or the
Foreign Intelligence Surveillance Act, such a concentrated effort
directed against the United Nations, its missions, and the homes of
its diplomats could violate the Vienna Convention on Diplomatic
Relations, which stipulates "the official correspondence of the
mission shall be inviolable."

The memo and coverage from The Observer are available online at:


"UN launches investigation into US spying on envoys," Taipei Times
(The Observer), March 10, 2003:


"No Comment From U.S. on 'Dirty Tricks' Report," Newsday, March 4,

EPIC's Foreign Intelligence Surveillance Act page:


[7] EPIC Bookstore: Federal Access to Info. and Privacy Legislation

"Federal Access to Information and Privacy Legislation Annotated
2003," by Colonel Michel W. Drapeau and Marc-Aurèle Racicot (Thomson
Carswell 2003).


This new publication on the Canadian privacy and access laws provides
an extraordinarily useful compendium of key materials for those
interested in these key Canadian statutes.  The book includes the
legislative history, text, and extensive annotations for the Access to
Information Act, the Privacy Act and the recently enacted Personal
Information and Electronic Document Act.  The case histories,
particularly for the Access to Information Act, are extensive.

The historical discussion papers on the development of the Canadian
access law offer an important understanding on the development of this
key statute.  The forewords by Justice Clair l'Heureux-Dubé of the
Supreme Court of Canada and John Grace, Canada's first Privacy
Commissioner, provide further insight into the significance of privacy
and open government rights in Canada.

The book also provides a useful citizen's guide to use of the access
legislation that incorporates practical suggestions for making use of
the Canadian access law.  The text includes many useful references
tools, such as a detailed table of contents, table of case, summaries
of key provisions in the Access to Information Act and privacy Act,
and contact information for the Department of Access to Information
and Privacy Commissioners.

This is the most comprehensive reference work to date on Canadian
access and privacy law.

- Marc Rotenberg


EPIC Publications:

"The Privacy Law Sourcebook 2002: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40. http://www.epic.org/bookstore/pls2002/

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.


"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act.  The 21st
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years.  For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.

"Privacy & Human Rights 2002: An International Survey of Privacy Laws
and Developments" (EPIC 2002). Price: $25.

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including data protection, telephone
tapping, genetic databases, video surveillance, location tracking, ID
systems and freedom of information laws.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
     EPIC Bookstore
     "EPIC Bookshelf" at Powell's Books
[8] Upcoming Conferences and Events

** Uniting Privacy and the First Amendment in the 21st Century **

May 9-10, 2003
Oakland, CA

EPIC, the First Amendment Project, and the California Office of
Privacy Protection are sponsoring this activist symposium designed to
explore the interplay between privacy and First Amendment rights, with
the goal of developing strategies for optimizing both.

If you are interested in making a presentation or leading a Working
Group, please submit a letter outlining your proposed presentation and
including a brief explanation of the issue to be addressed, a list of
possible presenters, and the desired outcome of the session to:

For more information: http://www.epic.org/events/unitingsymposium/


Identity Theft: Current Enforcement and Prevention Efforts. New York
City Bar Association, Committee on Consumer Affairs. March 12, 2003.
New York, NY. For more information: <jgreenbaum@fkkslaw.com>

P&AB's Privacy Practitioners' Workshop and Ninth Annual National
Conference. Privacy & American Business. March 12-14, 2003.
Washington, DC. For more information:

Big Brother Technologies. A Choices and Challenges Forum. Center for
Interdisciplinary Studies, Virginia Polytechnic Institute and State
University. March 27, 2003. Blacksburg, VA. For more information:

Symposium on Security, Technology, and Individual Rights: the
convergence of our history, our ideals, and our innovative spirit.
Georgetown Journal of Law and Public Policy. March 27-28, 2003.
Washington, DC. For more information: <gjlpp@law.georgetown.edu>

CFP2003: 13th Annual Conference on Computers, Freedom, and Privacy.
Association for Computing Machinery (ACM). April 1-4, 2003. New York,
NY. For more information: http://www.cfp2003.org/

28th Annual AAAS Colloquium on Science and Technology Policy. American
Association for the Advancement of Science. April 10-11, 2003.
Washington, DC. For more information:

Integrating Government With New Technologies '03: E-Government, Change
and Information Democracy. Riley Information Services. April 11, 2003.
Ottawa, Canada. For more information: http://www.rileyis.com/seminars/

RSA Conference 2003. RSA Security. April 13-17, 2003. San Francisco,
CA. For more information: http://www.rsaconference.com/

**POSTPONED UNTIL MID-JUNE.** Building the Information Commonwealth:
Information Technologies and Prospects for Development of Civil
Society Institutions in the Countries of the Commonwealth of
Independent States. Interparliamentary Assembly of the Member States
of the Commonwealth of Independent States (IPA). April 22-24, 2003.
St. Petersburg, Russia. For more information:

O'Reilly Emerging Technology Conference. April 22-25, 2003. Santa
Clara, CA. For more information: http://conferences.oreilly.com/etcon/

Mid Canada Information Security Conference. Information Protection
Association of Manitoba. April 30, 2003. Winnipeg, Manitoba, Canada.
For more information: http://www.ipam.mb.ca/mcisc/

Little Sister 2003: Community Resistance, Security, Law and
Technology. May 9-11, 2003. Vancouver, British Columbia, Canada. For
more information: http://www.littlesister2003.org/

Technologies for Protecting Personal Information. Federal Trade
Commission. Workshop 1: The Consumer Experience. May 14, 2003.
Workshop 2: The Business Experience. June 4, 2003. Washington, DC. For
more information: http://www.ftc.gov/techworkshop/

O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. For
more information: http://conferences.oreilly.com/oscon/

Privacy2003. Technology Policy Group. September 30 - October 2, 2003.
Columbus, OH. For more information:

Subscription Information
Subscribe/unsubscribe via Web interface:

Subscribe/unsubscribe via e-mail:
     To: epic_news-request@mailman.epic.org
     Subject line: "subscribe" or "unsubscribe" (no quotes)
Help with subscribing/unsubscribing:

     To: epic_news-request@mailman.epic.org
     Subject: "help" (no quotes)
Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription e-mail address, if you are
experiencing subscription/unsubscription problems, or if you have any
other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

** Receive a free Observing Surveillance conference poster with
donation of $75 or more! **
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
   ---------------------- END EPIC Alert 10.05 ----------------------