=======================================================================
E P I C A l e r t
=======================================================================
Volume 10.08 April 23, 2003
-----------------------------------------------------------------------
Published by the
Electronic Privacy Information Center (EPIC)
Washington, D.C.
http://www.epic.org/alert/EPIC_Alert_10.08.html
=======================================================================
Table of Contents
=======================================================================
[1] Coalition Alleges Violations of Children's Privacy Law
[2] FOIA Documents on ChoicePoint Spark International Inquiries
[3] EPIC Establishes Privacy Threat Index
[4] Online Petition Drive Continues to Urge Accuracy for FBI Database
[5] Privacy and First Amendment Symposium: 5/9/03, Oakland, CA
[6] News in Brief
[7] EPIC Bookstore: The File: A Personal History
[8] Upcoming Conferences and Events
=======================================================================
[1] Coalition Alleges Violations of Children's Privacy Law
=======================================================================
In a complaint filed with the Federal Trade Commission (FTC), EPIC and
11 consumer protection groups urged the agency to investigate
Amazon.com for violations of the Children's Online Privacy Protection
Act (COPPA). The coalition of groups joining the complaint includes
Commercial Alert, the Center for Media Education, and the Consumer
Federation of America.
The COPPA is a 1998 Federal law that seeks to protect individuals
under the age of 13 from online privacy violations. Commercial Web
sites that are directed towards children, or those that have actual
knowledge that they collect children's personal information, must
comply with the COPPA. Such sites must provide a parental privacy
notice, a mechanism to obtain verifiable parental consent for the
collection of children's information, a system for parental review and
deletion of children's information, and security and confidentiality
requirements.
The complaint details how Amazon.com is operating a commercial Web
site directed at children, collecting children's personal information,
and disclosing that data. To support the finding that Amazon.com
directs its "Toy Store" page to children, the complaint illustrates
how the company employs child models, cartoon characters, and playful
fonts to direct children to purchase toys on the site. Individuals who
visit "ToysRUs.com" or "Imaginarium.com" are redirected to the
Amazon.com "Toy Store" page. Furthermore, it appears that numerous
children have registered on the Amazon.com Web site. The EPIC
complaint notes that children as young as 7 have registered, and in
some cases, have publicly listed their full names, postal addresses,
and e-mail addresses.
The complaint urges the FTC to investigate Amazon.com, and to order
the company to purge children's information from the site. EPIC has
previously filed complaints and engaged in other actions that have led
to pro-privacy changes in industry practices, specifically regarding
the privacy and security of Microsoft Passport, DoubleClick's Web
tracking scheme, and Intel's Processor Serial Numbers (see EPIC Alerts
8.14, 7.03, and 6.02).
The complaint is available online at:
http://www.epic.org/privacy/amazon/coppacomplaint.html
EPIC's COPPA Page:
http://www.epic.org/privacy/kids/
=======================================================================
[2] FOIA Documents on ChoicePoint Spark International Inquiries
=======================================================================
Documents obtained under the Freedom of Information Act (FOIA) have
sparked inquiries in Mexico and other Central and South American
countries regarding the sale of foreign citizens' personal information
to the US government by information broker ChoicePoint. ChoicePoint
sells the personal data of citizens of Mexico, Colombia, Brazil,
Venezuela, Guatemala, Argentina, Costa Rica, Honduras, and Nicaragua.
The information categories for these countries include national ID,
voting registers, vehicle registration, aircraft registration, and
telephone numbers. Apparently ChoicePoint began to accumulate this
information in 2000 through relationships with foreign governments and
purchases from foreign data vendors.
Latin American privacy experts claim that the acquisition of the
information by ChoicePoint may have been illegal, and that the sale
infringes on national sovereignty. Costa Rican, Nicaraguan, and
Mexican authorities have decided to investigate the matter, and the
Mexican Federal Electoral Institute will file a criminal complaint
against persons who have sold voter data to ChoicePoint.
One group of documents obtained from the Immigration and Naturali-
zation Service (INS) shows that ChoicePoint offered a contract for
unlimited direct access to international databases for a $1 million
fee. Other documents obtained from the Department of Justice
Management Division show that the agency entered into an $11 million
contract with ChoicePoint for fiscal year 2002.
FOIA Documents from the INS:
http://www.epic.org/privacy/publicrecords/inschoicepoint.pdf
FOIA Documents from the Department of Justice Management Division:
http://www.epic.org/privacy/publicrecords/citizenprices.pdf
EPIC's Page on Privacy and Public Records:
http://www.epic.org/privacy/publicrecords/
=======================================================================
[3] EPIC Establishes Privacy Threat Index
=======================================================================
On April 15, EPIC announced that it was establishing a new Privacy
Threat Index to track the growing threat to privacy resulting from the
expansion of government surveillance.
The Privacy Threat Index follows the same color-coded scheme estab-
lished for the Homeland Security Advisory System: the rankings of
Green, Blue, Yellow, Orange, and Red correspond respectively to Low,
Guarded, Elevated, High, and Severe threats to privacy.
Based on developments during the past year, EPIC assessed the current
level as Yellow, or Elevated. The factors cited included the following:
- Expanded use of the Foreign Intelligence Surveillance Act,
which permits the government to conduct surveillance without
the general safeguards required by the Fourth Amendment;
- The decision of the FBI to relax the legally mandated
accuracy requirement for the National Crime Information
Center, the nation's largest criminal justice database;
- Increased funding for surveillance systems, including
immigration control and video surveillance;
- Possible consideration of the Domestic Security Enhancement
Act, dubbed by some as "Patriot II," which would further
expand government surveillance authority;
- Required use of biometric identifiers for routine identifi-
cation documents without associated privacy protection to
assure personal information will not be misused;
- Ongoing efforts by the FBI to extend the application of the
Communications Assistance for Law Enforcement Act, which
requires the development of wiretap-friendly communications
services, to Internet telephony.
At the same time, EPIC noted that there were some hopeful signs:
- The United States has so far rejected the development of a
mandatory national ID card;
- The proposal for the establishment of Total Information
Awareness research program has been suspended by Congress
pending an investigation;
- The passenger profiling system, CAPPS II, is under increased
scrutiny.
On April 16, when the federal government reduced the threat level for
the Homeland Security Advisory System, EPIC's Privacy Threat Index
remained unchanged. The decision not to change the threat level was
based on the fact that there had been no changes in the level of
government monitoring and surveillance in the United States.
EPIC Executive Director Marc Rotenberg said that it seems more likely
that the Privacy Threat Index would be raised in the near future,
rather than lowered. He also noted that it would become increasingly
important to compare surveillance activity over time: "We will use the
Privacy Threat Index to assess developments in the United States and
to compare activities in countries around the world."
Web sites are encouraged to link to the EPIC Privacy Threat Index.
Insert the following HTML code where the graphic should appear:
<A HREF="http://www.epic.org/"><IMG
SRC="http://www.epic.org/graphics/threat_index.gif" alt="EPIC
Privacy Threat Index"></A>
The Privacy Threat Index graphic is available at:
http://www.epic.org/graphics/threat_index.gif
Information about EPIC's annual publication "Privacy and Human
Rights," which will incorporate the Privacy Threat Index in the
forthcoming 2003 edition, is available at:
http://www.epic.org/bookstore/phr2002/
=======================================================================
[4] Online Petition Drive Continues to Urge Accuracy for FBI Database
=======================================================================
EPIC encourages individuals to join the campaign to restore the
accuracy requirements for the nation's largest law enforcement
database. Last month, the Justice Department exempted the FBI from
the Privacy Act obligation to ensure the accuracy, completeness, and
timeliness of the 39 million records it maintains in its National
Crime Information Center (NCIC) system. A broad coalition of organi-
zations and thousands of individuals are now calling on Office of
Management and Budget Director Mitchell Daniels to require the Justice
Department to rescind its decision.
Recent controversy over a similar law enforcement database in
California highlights the potential risks posed by lifting data
accuracy requirements. Some parents of Northern California students
believe that police may be erroneously categorizing their children as
suspected gang members in "CalGang," a statewide computer system for
tracking and sharing information on alleged gang members and
associates. In a lawsuit filed by the ACLU of Northern California,
students claim that local police and school officials at a Union City
high school unlawfully detained, searched, and photographed 60
students whose names and pictures were then included in the CalGang
database. The complaint alleges that the students illegally were
suspected as gang members on the basis of their race and national
origin.
While the CalGang data is not specifically submitted to the FBI's NCIC
database, this case demonstrates how easily inaccurate information
could be included in the system. The NCIC database also contains
information on suspected gang members, and the criteria for
categorizing an individual as a suspected gang member are minimal.
For example, an individual merely needs to frequent a known gang area
and be identified as a gang member by a "reliable informant" to be
included in the database. Under the new Justice Department
regulations, law enforcement agents are no longer statutorily charged
with ensuring the accuracy and completeness of this information.
To support the effort to restore the accuracy requirements of the NCIC
database, sign the online petition:
http://www.petitiononline.com/ncic/petition.html
EPIC National Crime Information Center Page:
http://www.epic.org/actions/ncic/
California Class Action Complaint Regarding CalGang:
http://www.aclunc.org/students/030130-brief.pdf
=======================================================================
[5] Privacy and First Amendment Symposium: 5/9/03, Oakland, CA
=======================================================================
Registration is still open for "Uniting Privacy and the First
Amendment in the 21st Century," a symposium organized jointly by the
Electronic Privacy Information Center, the First Amendment Project,
and the California Office of Privacy Protection. The symposium will
take place on May 9 in Oakland, California. There is a student
discount; scholarship money is also available to cover travel costs.
Freedom of expression and the right to privacy are both extremely
important constitutional values; yet privacy and the First Amendment
are often set against one another, proving quite problematic. This
symposium will explore how best to safeguard these two essential
rights. It is a meeting for advocates and academics, experts and
interested persons; a conference for all people who value both freedom
of expression and the right to privacy. Informational sessions and
interactive working groups will foster problem-solving and future
collaboration among attendees.
The conference will focus on three major themes: Privacy's role in
promoting the First Amendment, Mutual threats to Privacy and the First
Amendment, and Privacy and the First Amendment in conflict. Professor
Jeffrey Rosen will deliver the keynote address.
Also, on May 10, there will be a special meeting of the Privacy
Coalition on the West Coast. Local affiliates and privacy advocates in
the Bay Area are highly encouraged to attend.
To register for the symposium, see the informational online brochure:
http://www.epic.org/events/unitingsymposium/brochure.pdf
More information about the conference is available at:
http://www.epic.org/events/unitingsymposium/
=======================================================================
[6] News in Brief
=======================================================================
Center for the Protection of Free Expression Awards "Jefferson Muzzles"
On April 13, the Thomas Jefferson Center for the Protection of Free
Expression celebrated Jefferson's birthday by awarding the 12th annual
"Jefferson Muzzles." These dubious awards are given to those whose
actions would stifle freedom of expression, going against Jefferson's
core beliefs. This year's awardees include Attorney General John
Ashcroft and the U.S. Congress.
More information on this year's "winners" is available at:
http://www.tjcenter.org/muzzles.html
OSCE Releases Report on Freedom of the Media in the Digital Era
The Organization for Security and Cooperation in Europe (OSCE) has
published a booklet titled "From Quill to Cursor: Freedom of the Media
in the Digital Era." This booklet comprises papers submitted for a
one-day workshop on freedom of the media and the Internet held in
Vienna in November. In these papers, experts from the United Nations
Educational, Scientific and Cultural Organization (UNESCO) and the
Council of Europe, as well as journalists and Internet service
providers, explore topics such as universal access to Cyberspace,
constitutional rights in the Internet age, the importance of the
public domain, and censorship and intellectual property rights.
"From Quill to Cursor: Freedom of the Media in the Digital Era":
http://www.osce.org/documents/rfm/2003/04/41_en.pdf
New Advocacy Group to Hold Briefing on Secrecy and Homeland Security
A new online advocacy group, the Center for Progressive Regulation
(CPR), is arguing that the provision of the Homeland Security Act of
2002 that exempted voluntarily disclosed critical infrastructure
information to the Department of Homeland Security from Freedom of
Information Act (FOIA) requests is "a significant departure from
existing law." On April 25 the organization will hold a Hill briefing
on this subject, called "Democracy Behind Closed Doors: The Homeland
Security Act and Government Secrecy Initiatives."
Center for Progressive Regulation:
http://www.progressiveregulation.org/
D.C. Law Librarians Upload New Reports on Congressional Procedures
The Law Librarians' Society of Washington, D.C. (LLSDC) has announced
the availability of a new Web resource. "Selected Congressional
Research Service Reports on Congress and Its Procedures" includes
many reports that are now available on the Web for the first time. The
site also provides links to other CRS reports available online.
The reports are available on LLSDC's Legislative Source Book Web site:
http://www.llsdc.org/sourcebook/CRS-Congress.htm
=======================================================================
[7] EPIC Bookstore: The File: A Personal History
=======================================================================
The File: A Personal History, by Timothy Garton Ash (Random House
1997).
http://www.epic.org/bookstore/powells/redirect/alert1008.html
Timothy Garton Ash's "The File" is a journey into the author's
two-inch-thick Stasi intelligence file that the East German police
accumulated on him during his study as a graduate student in East
Berlin. These files were opened after German reunification, and have
caused great tension in the country as Stasi informers were shown to
have shared information on co-workers, friends, and even family
members.
Ash's Stasi file, consistent with the government disclosure rules, is
nearly complete. Only the names of innocent third parties are
redacted from the record, thus giving Ash the opportunity to confront
the citizen informers who betrayed him and the Stasi agents who
coordinated surveillance of his activities.
Ash systematically describes what he finds in his file, and confronts
the individuals who furnished the information to the government. He
finds that the informers were often blackmailed or otherwise forced
into cooperating with the police. In some cases, individuals became
informants in order to prove their loyalty to the state. Others
became informers because they passionately believed in the socialist
government, and were willing to do anything to ensure the survival of
the system.
Ash was never imprisoned, tortured, or otherwise physically harmed by
the Stasi, aside from being banned from East Germany after he
published an article depicting conditions in the country unfavorably.
Other people met different fates at the hands of the Stasi. Neverthe-
less, Ash expresses compassion for the informers and government agents
who monitored him, noting that he had not found a single "evil" person
in the process of examining his file. Rather, he found that those
involved were "just weak, shaped by circumstance, self-deceiving;
human, all too human. Yet the sum of all their actions was a great
evil."
- Chris Jay Hoofnagle
================================
EPIC Publications:
"The Privacy Law Sourcebook 2002: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40. http://www.epic.org/bookstore/pls2002/
The "Physicians Desk Reference of the privacy world." An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.
================================
"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.
http://www.epic.org/bookstore/foia2002/
This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act. The 21st
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years. For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.
================================
"Privacy & Human Rights 2002: An International Survey of Privacy Laws
and Developments" (EPIC 2002). Price: $25.
http://www.epic.org/bookstore/phr2002/
This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world. The survey examines
a wide range of privacy issues including data protection, telephone
tapping, genetic databases, video surveillance, location tracking, ID
systems and freedom of information laws.
================================
"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0/
A collection of essays, studies, and critiques of Internet content
filtering. These papers are instrumental in explaining why filtering
threatens free expression.
================================
"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.
http://www.epic.org/cls/
The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce. The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.
================================
"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20. http://www.epic.org/crypto&/
EPIC's third survey of encryption policies around the world. The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
================================
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
EPIC Bookstore
http://www.epic.org/bookstore/
"EPIC Bookshelf" at Powell's Books
http://www.powells.com/features/epic/epic.html
=======================================================================
[8] Upcoming Conferences and Events
=======================================================================
** Uniting Privacy and the First Amendment in the 21st Century **
May 9-10, 2003
Oakland, CA
EPIC, the First Amendment Project, and the California Office of
Privacy Protection are sponsoring this activist symposium designed to
explore the interplay between privacy and First Amendment rights, with
the goal of developing strategies for optimizing both.
For more information: http://www.epic.org/events/unitingsymposium/
=======================================================================
Mid Canada Information Security Conference. Information Protection
Association of Manitoba. April 30, 2003. Winnipeg, Manitoba, Canada.
For more information: http://www.ipam.mb.ca/mcisc/
Finding Our Digital Voice: Governing in the Information Age. Crossing
Boundaries National Conference. Centre for Collaborative Government.
May 7-9, 2003. Ottawa, Canada. For more information:
http://www.crossingboundaries.ca/conference/
Collecting and Producing Electronic Evidence in Cybercrime Cases.
University of Namur. May 8-9, 2003. Namur, Belgium. For more
information:
http://www.ctose.org/info/events/workshop-8-9-may-2003.html
Little Sister 2003: Community Resistance, Security, Law and
Technology. May 9-11, 2003. Vancouver, British Columbia, Canada. For
more information: http://www.littlesister2003.org/
2003 IEEE Symposium on Security and Privacy. IEEE Computer Society
Technical Committee on Security and Privacy, in cooperation with the
International Association for Cryptologic Research (IACR). May 11-14,
2003. Oakland, CA. For more information:
http://www.ieee-security.org/TC/SP-Index.html
Technologies for Protecting Personal Information. Federal Trade
Commission. Workshop 1: The Consumer Experience. May 14, 2003.
Workshop 2: The Business Experience. June 4, 2003. Washington, DC. For
more information: http://www.ftc.gov/techworkshop/
ITS-2003: Third International Conference on "Information Technologies
and Security." June 23-27, 2003. Partenit, Crimea, Ukraine. For more
information: http://www.itb.conferen.ru/eng/info_e.html
Press Freedom on the Internet. The World Press Freedom Committee. June
26-28, 2003. New York, NY. For more information: <mgreene@wpfc.org>
Building the Information Commonwealth: Information Technologies and
Prospects for Development of Civil Society Institutions in the
Countries of the Commonwealth of Independent States.
Interparliamentary Assembly of the Member States of the Commonwealth
of Independent States (IPA). June 30-July 2, 2003. St. Petersburg,
Russia. For more information: http://www.communities.org.ru/conference/
O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. For
more information: http://conferences.oreilly.com/oscon/
1st Global Conference: Visions of Humanity in Cyberculture, Cyberpunk
and Science Fiction. August 11-13, 2003. Prague, Czech Republic. For
more information: http://www.inter-disciplinary.net/vhccsf03cfp.htm
Privacy2003. Technology Policy Group. September 30 - October 2, 2003.
Columbus, OH. For more information:
http://www.privacy2000.org/privacy2003/
=======================================================================
Subscription Information
=======================================================================
Subscribe/unsubscribe via Web interface:
http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news
Subscribe/unsubscribe via e-mail:
To: epic_news-request@mailman.epic.org
Subject: "subscribe" or "unsubscribe" (no quotes)
Automated help with subscribing/unsubscribing:
To: epic_news-request@mailman.epic.org
Subject: "help" (no quotes)
Problems or questions? e-mail <info@epic.org>
Back issues are available at:
http://www.epic.org/alert/
The EPIC Alert displays best in a fixed-width font, such as Courier.
=======================================================================
Privacy Policy
=======================================================================
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities. We do not sell, rent or share our
mailing list. We also intend to challenge any subpoena or other legal
process seeking access to our mailing list. We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information". Please contact info@epic.org if you would
like to change your subscription e-mail address, if you are
experiencing subscription/unsubscription problems, or if you have any
other questions.
=======================================================================
About EPIC
=======================================================================
The Electronic Privacy Information Center is a public interest
research center in Washington, DC. It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research. For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible. Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:
http://www.epic.org/donate/
** Receive a free Observing Surveillance conference poster with
donation of $75 or more! **
Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
---------------------- END EPIC Alert 10.08 ----------------------
.