EPIC logo

                          E P I C  A l e r t
Volume 10.09                                                May 7, 2003

                           Published by the
             Electronic Privacy Information Center (EPIC)
                           Washington, D.C.

Table of Contents

[1] European Groups Discuss Implications of Passenger Profiling
[2] FISA Surveillance Reached All-Time High in 2002
[3] UNESCO Celebrates Freedom of the Press Worldwide
[4] Congress Holds Oversight Hearing On Data Mining Systems
[5] Rights Experts Release Report Criticizing EU Response to 9/11
[6] News in Brief
[7] EPIC Bookstore: Surveillance & Society
[8] Upcoming Conferences and Events

[1] European Groups Discuss Implications of Passenger Profiling

European Digital Rights (EDRi), a coalition of privacy and civil
liberties organizations in Europe, has started a campaign opposing the
transfer of European air passenger data to the United States.  EDRi is
asking European air travelers to file complaints with their airline
companies in order to discern what personal information of theirs is
being disclosed to the US government, and to write letters to their
national data protection authorities urging them to investigate the
situation.  EDRi argues that the release of this information is a
breach of EU privacy laws.

On May 6, a United States government delegation appeared at a hearing
before the European Parliament in an attempt to demonstrate the
necessity of the Computer Assisted Passenger Pre-screening System
(CAPPS-II).  Numerous questions were asked of the witnesses, such as:

     * Why does the US government need all of the information
       available in the Passenger Name Record (PNR), which can
       include data such as meal preference, credit card number,
       and hotel and car rental information?

     * Why do you plan to retain some passenger data for up to 50

     * How is there no profiling or data mining involved when
       CAPPS-II seems to be such an extensive system?

     * Will Europeans have similar rights to US citizens regarding
       access to and correction of their records?

     * Will judicial remedies be afforded in the case of abuses,
       even though US legislation (such as the Privacy Act) does
       not protect Europeans? and
     * How does the scope of these data requests relate to the
       ultimate goal of securing air travel safety?

Many Members of Parliament found that the Homeland Security repre-
sentatives' answers to these and other questions were insufficient.

Government representatives also referred to "already commercially
available information" as the only source of data to be used in the
database.  However, documents obtained by EPIC under the Freedom of
Information Act have led to discussions about whether such commercial
information on foreigners may have been, at times, illegally collected
by private companies acting as government contractors, as may be the
case with ChoicePoint's recent activity in Central and South America
(see EPIC Alert 10.08).

Meanwhile, the US Bureau of Customs and Border Protection (CBP) and
the European Commission recently discussed a possible solution to
restrict threats to European passenger privacy.  The solution would
call for airlines to create a back-up copy of all passenger data,
filtering out information that CBP did not specifically request, or
sensitive data for which transfer is strictly limited under EU laws. 
The data would then be transferred to CBP, instead of allowing them
full and direct access to the databases.  However, this would impose
high costs for the airlines that US Customs does not want to bear.

EDRi Campaign Web Site:


EPIC's EU/US Passenger Data Disclosure Page:


[2] FISA Surveillance Reached All-Time High in 2002

The number of Foreign Intelligence Surveillance Act (FISA) orders
reached an all-time high in 2002, with 1228 applications presented to,
and approved by, the secret FISA Court.  The calendar year of 1980 was
the first full year that FISA was in effect, during which 319 FISA
applications were presented.  Since FISA went into effect, the Court
has approved all government applications.

During 2002, 1358 total Title III (ordinary law enforcement) appli-
cations were approved and one was denied.  Title III activity reached
an all-time high in 2001, with 1491 total applications approved and
zero denied.  Since 1968, a total of 29,250 Title III applications
have been presented (comprising 9,928 federal applications and 19,322
state applications) and 32 denied.  (Note that not all jurisdictions
have reported their wiretap usage.)

Congress passed FISA in 1978, establishing a separate legal regime for
"foreign intelligence" surveillance.  Title III, the "Wiretap Statute,"
outlines the strict guidelines regulating ordinary law enforcement
surveillance, while FISA regulates the government's collection of
"foreign intelligence" information in furtherance of U.S. counter-
intelligence and anti-terrorism efforts.

FISA was initially limited to electronic eavesdropping and wire-
tapping.  In 1994, it was amended to permit covert physical entries in
connection with "security" investigations, and in 1998, it was amended
to permit pen/trap orders.  FISA, under provisions not reflected in
the recently reported figures, can also be used to obtain a broad
range of business records.

Foreign Intelligence Surveillance Act Orders, 1979-2002:


Title III Wiretap Orders, 1968-2002:




[3] UNESCO Celebrates Freedom of the Press Worldwide

Every year, the United Nations Educational, Scientific and Cultural
Organization (UNESCO) coordinates the observation of World Press
Freedom Day on May 3.  World Press Freedom Day is a day to celebrate
the fundamental principles of press freedom, to evaluate the state of
freedom of the press around the world, to defend the media from
attacks on their independence, and to pay tribute to journalists who
have lost their lives in the exercise of their profession.

The UNESCO/Guillermo Cano World Press Freedom Prize is awarded each
year to honor the work of an individual, organization, or institution
defending or promoting freedom of expression anywhere in the world,
especially if this puts the person’s life at risk.  Israeli journalist
Amira Hass, who has spent the last decade living in and reporting on
the Palestinian Territories for the Israeli daily newspaper Ha’aretz,
was this year's winner.

UNESCO also held a two-day conference titled "Early New Millennium
Challenges" in Kingston, Jamaica.  EPIC Policy Analyst Mihir
Kshirsagar, who coordinates the Public Voice coalition, spoke at the
conference about the development of participative democracy and the
civil society on a panel called "Freedom of Expression in Knowledge
Societies: Opportunities."  Kshirsagar's speech focused on the
important role that new communication technologies can play in
enabling free expression.  He said, "These technologies of freedom
operate by decentralizing sources of information; the aim is to
promote pluralism of expression rather than the dissemination of
preferred ideas."  New communication technologies, which emphasize
peer-to-peer production and distribution of ideas, must be afforded
the same protections by governments that were granted to the press and
broadcast mediums.  UNESCO is uniquely situated to help ensure that
the benefits of these new communication technologies are fully

UNESCO World Press Freedom Day 2003:


Transcript of speech on new communication technologies, by EPIC Policy
Analyst Mihir Kshirsagar:


[4] Congress Holds Oversight Hearing On Data Mining Systems

On May 6, the House Subcommittee on Technology and Information Policy
held an oversight hearing on the data mining systems being used or
considered by three federal agencies.  The Subcommittee heard testi-
mony from Steve McCraw, Assistant Director, Office of Intelligence,
Federal Bureau of Investigation (FBI); Admiral James L. Loy, Director,
Transportation Security Administration (TSA); and Dr. Anthony Tether,
Director, Defense Advanced Research Projects Agency (DARPA).

Mr. McCraw began his testimony by asserting that the FBI’s own data
systems contain information that is legally and lawfully collected,
and that new data mining systems, like the agency's SCOPE project,
will allow analysts to search the agency's existing databases for
links, associations, and relationships among individuals.  McCraw
conceded that the FBI's systems rely in part on data compiled by
public sector companies that are not always accurate.  He testified
that follow-up investigations are often necessary to confirm the
information. Rep. William Clay (D-MO) challenged McCraw on the FBI's
recent decision to lift the data accuracy requirements for the
agency's largest criminal justice database, the NCIC (see EPIC Alert
10.07).  In response, McCraw emphasized the strict guidelines
governing the use of NCIC.  He also agreed to review the matter

Admiral Loy also sought to reassure the Subcommittee about the
accuracy of the TSA's proposed CAPPS-II system that will identify
passengers for additional screening before boarding a plane.  He
testified that the TSA would establish a Passenger Advocate to
investigate passengers' concerns about being identified for pre-
screening, but he conceded that the investigation could take some time
and that it would not always be possible to inform passengers of the
reasons for the additional screening.  Admiral Loy asserted that
unlike the classic definition of "data-mining," CAPPS-II would result
in a "traveler-activated" search.  The traveler's provided name,
address, telephone number, and date of birth would be used first to
authenticate the traveler's identity through public sector databases,
and then would be run through government data systems and assessed a
risk threat score.  Admiral Loy did not specify the risk assessment
techniques, but announced that a new Federal Register notice would be
promulgated soon based on comments the agency received from its first
notice on the program.

Similarly, Dr. Tether used the hearing as an opportunity to address
public concerns about DARPA's Total Information Awareness program
(TIA).  He contrasted TIA with traditional data mining techniques that
comb through large amounts of information to detect previously
unnoticed correlations.  He testified that DARPA is not pursuing such
techniques and instead is developing a different approach to research.
He said that the approach begins with the development of a hypo-
thetical attack scenario, and then leads to the use of data mining to
discover whether patterns of information correlated with that scenario
actually exist.  He stressed that this process would decrease the
threat of erroneously flagging innocent activities and persons as
suspicious, and emphasized that audit techniques would ensure that
data is not used for unauthorized purposes.  When representatives
inquired whether TIA would use consumers' transaction information held
by private companies, Dr. Tether sought to distance the agency from
such potential uses, stating that a researcher hired by DARPA may be
contemplating such practices, but the agency had not yet made any such
formal plans.

Documents obtained by EPIC through an Freedom of Information Act
request, however, reveal that one of TIA’s goals is to develop
"innovative technologies to architect, populate and exploit" reposi-
tories "for combating terrorism."  Repositories were defined as "a new
kind of extremely large, omni-media, virtually-centralized, and
semantically rich information repository that is not constrained by
the limited commercial database products available today."

The Subcommittee plans to reconvene in two weeks to examine the
privacy and civil liberties questions raised by the programs.

EPIC's letter submitted for a hearing on Data Mining, Current
Applications and Future Possibilities:

EPIC's Joint Letter and Online Petition Requiring Accurate Information
in the NCIC:

EPIC's Passenger Profiling Page:

EPIC's Total Information Awareness Page:


[5] Rights Experts Release Report Criticizing EU Response to 9/11

In their first annual report, the European Union Network of Inde-
pendent Experts in Fundamental Rights has raised many negative points
regarding anti-terrorism legislation adopted by EU member states in
response to the events of September 11, 2001.

The report offers six main criticisms of EU and member state anti-
terrorism legislation:

     * Problems regarding the "imprecise" definition in the EU
       Framework Decision on combating terrorism of 13 June 2002;

     * Concern over the European Arrest Warrant (EU Framework
       Decision of 13 June 2002);

     * Failure to ensure data protection in regard to cooperation
       with third states, particularly the United States;

     * EU Recommendation on the development of "terrorist profiles"
       of November 2002;

     * General failure to protect human rights in the adoption of
       "emergency legislation"; and

     * The EU "terrorist lists" and freezing of assets of suspected

The group was set up by the European Commission in September 2002,
following a recommendation from the European Parliament.

The main report is available at:


Thematic report on freedom and security and responses to terrorist


[6] News in Brief

Supreme Court To Hear Crime Scene Photos Case

The Supreme Court announced this week that it will decide whether the
public's right to access government records extends to the release of
crime scene photographs that may implicate privacy interests of the
deceased's family.  The justices voted to consider whether the
government must release post-mortem pictures of former White House
deputy counsel Vincent Foster under the Freedom of Information Act. 
Last year, the Court of Appeals for the Ninth Circuit ordered the
release of four of ten photographs requested by a California attorney.
The attorney has since appealed for the release of the remaining six
photos.  Conversely, the government has urged the Supreme Court to
reverse the lower court ruling so that all ten photographs may be
withheld.  The case will be heard in fall 2003.

  Solicitor General's Petition for Certiorari:


  Attorney Favish's Petition for Certiorari:


Deceptive Fundraisers Not Protected by First Amendment

On Monday, the Supreme Court ruled unanimously that the First
Amendment does not protect telemarketers who deceive potential
contributors about what percentage of their donation will actually go
to charity.  States can now press fraud charges against parties who
engage in this deceptive practice.  In the decision, Justice Ruth
Bader Ginsburg wrote, "[W]hen nondisclosure is accompanied by inten-
tionally misleading statements designed to deceive the listener, the
First Amendment leaves room for a fraud claim."

  Illinois ex rel. Madigan v. Telemarketing Associates, Inc.:


Radio Frequency Identification Chips: Equipped with Kill Switch

According to the Auto ID Center (a group that is helping to develop
the specification for RFID), a "kill switch" will be incorporated into
RFID tags as early as summer 2003.  If retail outfits begin using the
chips to track inventory, consumers are to be asked upon purchase if
they would like to disable the RFID feature.  Industry representatives
believe that a consumer might choose to keep the tag activated, as
there are plans to program some tags to contain useful information
such as wash cycle for a particular garment or cooking time and temp-
erature for a food item.  However, once a tag is disabled, it will be
unable to be reactivated.

  More information about Radio Frequency Identification:

[7] EPIC Bookstore: Surveillance & Society

Surveillance & Society: The fully peer-reviewed transdisciplinary
online surveillance studies journal.  Managing Editor: David Wood.
ISSN: 1477-7487.


Surveillance & Society is a new electronic journal, available free
online, that began publication in 2002.  The journal is a part of a
new international initiative to call wider attention to surveillance
studies within academia and beyond.  

The purpose of this journal is to encourage understanding of approaches
to surveillance in different academic disciplines, publish innovative
and transdisciplinary work on surveillance, promote understanding of
surveillance in wider society, and encourage debate and dissent.

New issues are posted on the Surveillance & Society Web site as they
become available.  In the future, the Web site is also slated to house
a Surveillance Studies Resource Base, including an interactive
"Encyclopedia of Surveillance," and a Discussion Forum, which will be
based on submitted opinion pieces of up to 2000 words.

Interested parties can submit articles for possible inclusion in
Surveillance & Society.  All submissions will be fully peer-reviewed
to the most rigorous quality standards, and unconventional submissions
such as photographic and video work are encouraged.  See the Web site
for details.


EPIC Publications:

"The Privacy Law Sourcebook 2002: United States Law, International
Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2002).
Price: $40. http://www.epic.org/bookstore/pls2002/

The "Physicians Desk Reference of the privacy world."  An invaluable
resource for students, attorneys, researchers and journalists who need
an up-to-date collection of U.S. and International privacy law, as
well as a comprehensive listing of privacy resources.


"FOIA 2002: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40.

This is the standard reference work covering all aspects of the
Freedom of Information Act, the Privacy Act, the Government in the
Sunshine Act, and the Federal Advisory Committee Act.  The 21st
edition fully updates the manual that lawyers, journalists and
researchers have relied on for more than 25 years.  For those who
litigate open government cases (or need to learn how to litigate
them), this is an essential reference manual.

"Privacy & Human Rights 2002: An International Survey of Privacy Laws
and Developments" (EPIC 2002). Price: $25.

This survey, by EPIC and Privacy International, reviews the state of
privacy in over fifty countries around the world.  The survey examines
a wide range of privacy issues including data protection, telephone
tapping, genetic databases, video surveillance, location tracking, ID
systems and freedom of information laws.


"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.


"The Consumer Law Sourcebook 2000: Electronic Commerce and the Global
Economy," Sarah Andrews, editor (EPIC 2000). Price: $40.

The Consumer Law Sourcebook provides a basic set of materials for
consumers, policy makers, practitioners and researchers who are
interested in the emerging field of electronic commerce.  The focus is
on framework legislation that articulates basic rights for consumers
and the basic responsibilities for businesses in the online economy.


"Cryptography and Liberty 2000: An International Survey of Encryption
Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price:
$20. http://www.epic.org/crypto&/

EPIC's third survey of encryption policies around the world.  The
results indicate that the efforts to reduce export controls on strong
encryption products have largely succeeded, although several
governments are gaining new powers to combat the perceived threats of
encryption to law enforcement.
EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:
     EPIC Bookstore

     "EPIC Bookshelf" at Powell's Books

[8] Upcoming Conferences and Events

** Uniting Privacy and the First Amendment in the 21st Century **

May 9-10, 2003
Oakland, CA

EPIC, the First Amendment Project, and the California Office of
Privacy Protection are sponsoring this activist symposium designed to
explore the interplay between privacy and First Amendment rights, with
the goal of developing strategies for optimizing both.

For more information: http://www.epic.org/events/unitingsymposium/


Finding Our Digital Voice: Governing in the Information Age. Crossing
Boundaries National Conference. Centre for Collaborative Government.
May 7-9, 2003. Ottawa, Canada. For more information:

Collecting and Producing Electronic Evidence in Cybercrime Cases.
University of Namur. May 8-9, 2003. Namur, Belgium. For more

Little Sister 2003: Community Resistance, Security, Law and
Technology. May 9-11, 2003. Vancouver, British Columbia, Canada. For
more information: http://www.littlesister2003.org/

2003 IEEE Symposium on Security and Privacy. IEEE Computer Society
Technical Committee on Security and Privacy, in cooperation with the
International Association for Cryptologic Research (IACR). May 11-14,
2003. Oakland, CA. For more information:

Technologies for Protecting Personal Information. Federal Trade
Commission. Workshop 1: The Consumer Experience. May 14, 2003.
Workshop 2: The Business Experience. June 4, 2003. Washington, DC. For
more information: http://www.ftc.gov/techworkshop/

ITS-2003: Third International Conference on "Information Technologies
and Security." June 23-27, 2003. Partenit, Crimea, Ukraine. For more
information: http://www.itb.conferen.ru/eng/info_e.html

Press Freedom on the Internet. The World Press Freedom Committee. June
26-28, 2003. New York, NY. For more information: <mgreene@wpfc.org>

Building the Information Commonwealth: Information Technologies and
Prospects for Development of Civil Society Institutions in the
Countries of the Commonwealth of Independent States.
Interparliamentary Assembly of the Member States of the Commonwealth
of Independent States (IPA). June 30-July 2, 2003. St. Petersburg,
Russia. For more information: http://www.communities.org.ru/conference/

O'Reilly Open Source Convention. July 7-11, 2003. Portland, OR. For
more information: http://conferences.oreilly.com/oscon/

1st Global Conference: Visions of Humanity in Cyberculture, Cyberpunk
and Science Fiction. August 11-13, 2003. Prague, Czech Republic. For
more information: http://www.inter-disciplinary.net/vhccsf03cfp.htm

Integrating Privacy Into Your Overall Business Strategy: Complying
with Privacy Legislation for Competitive Advantage. International
Quality and Productivity Centre (IQPC Canada). July 9-10, 2003.
Toronto, Canada. For more information:

Chaos Communication Camp 2003: The International Hacker Open Air
Gathering. Chaos Computer Club. August 7-10, 2003. Paulshof,
Altlandsberg, Germany. For more information: http://www.ccc.de/camp/

Privacy2003. Technology Policy Group. September 30-October 2, 2003.
Columbus, OH. For more information:

WWW2003: 5th Annual Conference on World Wide Web Applications. 
Department of Information Studies, Rand Afrikaans University, and the
Department of Information Systems and Technology, University of
Durban-Westville. September 10-12, 2003. Durban, South Africa. For
more information: http://www.udw.ac.za/www2003/

Subscription Information
Subscribe/unsubscribe via Web interface:


Subscribe/unsubscribe via e-mail:

     To: epic_news-request@mailman.epic.org
     Subject: "subscribe" or "unsubscribe" (no quotes)

Automated help with subscribing/unsubscribing:

     To: epic_news-request@mailman.epic.org
     Subject: "help" (no quotes)

Problems or questions? e-mail <info@epic.org>

Back issues are available at:

The EPIC Alert displays best in a fixed-width font, such as Courier.
Privacy Policy
The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link
to other databases) our mailing list or require your actual name.
In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under
"subscription information".  Please contact info@epic.org if you would
like to change your subscription e-mail address, if you are
experiencing subscription/unsubscription problems, or if you have any
other questions.
About EPIC
The Electronic Privacy Information Center is a public interest
research center in Washington, DC.  It was established in 1994 to
focus public attention on emerging privacy issues such as the Clipper
Chip, the Digital Telephony proposal, national ID cards, medical
record privacy, and the collection and sale of personal information.
EPIC publishes the EPIC Alert, pursues Freedom of Information Act
litigation, and conducts policy research.  For more information,
e-mail info@epic.org, http://www.epic.org or write EPIC, 1718
Connecticut Ave., NW, Suite 200, Washington, DC 20009.
+1 202 483 1140 (tel), +1 202 483 1248 (fax).
If you'd like to support the work of the Electronic Privacy
Information Center, contributions are welcome and fully
tax-deductible.  Checks should be made out to "EPIC" and sent to
1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009.
Or you can contribute online at:

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the
right of privacy and efforts to oppose government regulation of
encryption and expanding wiretapping powers.
Thank you for your support.
   ---------------------- END EPIC Alert 10.09 ----------------------