======================================================================= E P I C A l e r t ======================================================================= Volume 11.04 February 25, 2004 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_11.04.html ====================================================================== Table of Contents ====================================================================== [1] Supreme Court Sides With Government on Privacy Act Damages [2] Agencies Issue Reports on CAPPS II, JetBlue Disclosure [3] EPIC Testifies on Medical Privacy and Banking [4] EPIC Demands FBI Database Accuracy [5] Courts Reject Business "Free Speech" Challenges to Privacy Law [6] News in Brief [7] EPIC Bookstore: The Patriot Act Game [8] Upcoming Conferences and Events ====================================================================== [1] Supreme Court Sides With Government on Privacy Act Damages ====================================================================== The Supreme Court has ruled in a 6-3 decision that an individual must prove he has suffered actual harm before he can receive a $1,000 minimum award guaranteed by law when the government wrongfully discloses personal information. The case, Doe v. Chao, arose from the Department of Labor's use of miners' Social Security numbers to identify their black lung claims on official agency documents, some of which were made public. Several miners sued the agency, arguing that they were entitled to $1,000 minimum damages from the government provided under the Privacy Act. The United States District Court for the Western District of Virginia found that only one miner, Buck Doe, was entitled to damages because he had shown that he suffered sufficient emotional distress as a result of the disclosure of his Social Security Number to be awarded damages. The United States Court of Appeals for the Fourth Circuit disagreed, concluding that Doe was not entitled to damages under the Privacy Act because he failed to show that any tangible harm resulted from the disclosure of his Social Security Number. EPIC collaborated with numerous consumer and privacy organizations, legal scholars and technical experts to submit a "friend of the court" brief to the Supreme Court on Doe's behalf, arguing that the Privacy Act provides damages for those who suffer "adverse effects," which does not require actual harm. The brief pointed to the dangers of Social Security Number disclosure, the tradition of providing similar awards under other privacy laws, and the history of the Privacy Act to show that actual harm is not necessary to recover the $1,000 award under the Privacy Act. The Supreme Court concluded, however, that an individual must prove actual damages to receive the $1,000 award from the government. Justice Souter (joined by the Chief Justice and Justices O'Connor, Scalia, Thomas, and Kennedy) found that the most straightforward reading of the Privacy Act supported the conclusion that an individual must prove actual harm to collect minimum damages under the Privacy Act, noting that it is unusual for a law not to require proof of harm suffered before an individual is awarded of damages. In a dissenting opinion, Justice Ginsburg (joined by Justices Stevens and Breyer) argued that the majority's interpretation of the law failed to take into account each word of the section of the Privacy Act that provides for damages. Justice Ginsburg pointed out that the majority's decision is at odds with the Office of Management and Budget's guidelines for interpreting the Privacy Act, which were issued just six months after the law was passed. She asserted that the majority's holding encourages individuals to "arrange or manufacture" actual damages, such as paying a fee to run a credit report, in order to be allowed to recover the minimum $1,000 under the Privacy Act. She also noted that the Privacy Act's language is similar to that of other federal laws that do not require proof of actual harm for an individual to collect the minimum award provided under the law. In a separate dissent, Justice Breyer found "no support in any of the statute's basic purposes for the majority's restrictive reading of the damages provision." Doe v. Chao, Supreme Court Docket No. 02-1377: http://www.supremecourtus.gov/opinions/03pdf/02-1377.pdf EPIC's amicus brief filed in Doe v. Chao: http://www.epic.org/privacy/chao/Doe_amicus.pdf For more information about the case, see EPIC's Doe v. Chao Page: http://www.epic.org/privacy/chao/ ====================================================================== [2] Agencies Issue Reports on CAPPS II, JetBlue Disclosure ====================================================================== Two recent agency reports have cast doubt on the future of the Transportation Security Administration's controversial passenger profiling system and detailed the agency's role in the transfer of passenger information to a Defense Department contractor for use in a data mining study. The General Accounting Office has issued a report concluding that numerous problems plague the TSA's Computer-Assisted Passenger Prescreening System (CAPPS II). The report found that TSA has not adequately addressed seven of eight implementation and operational concerns raised by Congress last year, including the accuracy of the data relied on by the system; abuse prevention; overall privacy concerns; and the redress process for people erroneously labeled as a threats or targeted for additional scrutiny. The GAO also expressed uneasiness about the evolution of CAPPS II's stated purpose. The program was initially intended to detect terrorists and keep them off airplanes. In August, however, TSA announced that CAPPS II would also serve as a law enforcement tool to identify individuals wanted for violent crimes. In response to the report, the Department of Homeland Security, TSA's parent agency, noted that CAPPS II is still under development, and remarked that both national and international hurdles to deployment and problem resolution were more complex than the report made clear. The GAO responded that it stands by what it believes to be a fair and accurate assessment of the program. In related news, the Department of Homeland Security's Chief Privacy Officer has released a report criticizing TSA's role in the controversial transfer of JetBlue Airways passenger information to Defense Department contractor Torch Concepts for use in a data mining study. The report finds that, "The TSA employees involved acted without appropriate regard for individual privacy interests or the spirit of the Privacy Act of 1974." The report revealed that a TSA employee sent a written request to JetBlue to ask that the airline provide passenger data to the Department of Defense for use in a military base security project. Acxiom Corporation, a data aggregation company, then actually transferred the passenger information to Torch Concepts. Later, Acxiom sold Torch Concepts additional information on about 40 percent of the JetBlue passengers whose information had already been disclosed. The report noted that "but for the involvement of a few TSA officials in these events, the data would likely not have been shared by jetBlue with the Department of Defense and its contractors." In the wake of the Department of Homeland Security report, EPIC has sent a letter to the Federal Trade Commission urging the agency to sanction JetBlue and Acxiom for their disclosures of passenger information. In September, EPIC submitted a complaint to the Federal Trade Commission alleging that JetBlue and Acxiom committed unfair and deceptive trade practices by disclosing personal information to Torch Concepts in violation of their publicly posted privacy policies. The agency has not announced whether any action has been taken in response to the complaint. The General Accounting Office's Report on CAPPS II: http://www.epic.org/privacy/airtravel/gao-capps-rpt.pdf The Homeland Security Privacy Office Report to the Public on Events Surrounding the JetBlue Data Transfer: http://www.epic.org/privacy/airtravel/jetblue/dhs_report.pdf EPIC's Letter to the FTC: http://www.epic.org/privacy/airtravel/jetblue/FTC_letter.html EPIC's Complaint Against JetBlue and Acxiom to the FTC: http://www.epic.org/privacy/airtravel/jetblue/ftccomplaint.html For more information about air travel privacy, see EPIC's Passenger Profiling Page: http://www.epic.orgprivacy/airtravel/profiling.html ====================================================================== [3] EPIC Testifies on Medical Privacy and Banking ====================================================================== On February 18, EPIC Senior Fellow Anna Slomovic testified on medical privacy issues in banking transactions before the National Committee on Vital and Health Statistics, the official advisory body to the Secretary of Health and Human Services. Dr. Slomovic discussed the need to improve protection for health information as it moves through the banking system. Dr. Slomovic noted that the banking industry is seeking an exemption from being designated a "covered entity" under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule even when banks perform functions that fall under the definition of health care clearinghouses. Banks are also asking the Department of Health and Human Services to rescind requirements for additional encryption when protected health information flows through the banking transaction network. Dr. Slomovic stated that banks should not be exempt from the full requirements of the Privacy Rule and that the requirement for additional encryption should be maintained. In related medical privacy news, a group of physicians and hospitals has challenged Justice Department subpoenas for medical records of women who have had abortions. The Justice Department wants to examine medical records as part of its defense of the Partial Birth Abortion Ban Act of 2003, which is being challenged on the grounds that it would prevent doctors from performing medically necessary abortions. Two federal courts reached different conclusions about whether hospitals must release records to the Justice Department. U.S. Chief District Judge Charles Kocoras of the Northern District of Illinois, Eastern Division quashed the subpoenas on the grounds that Illinois state law is more stringent than federal privacy protections and prohibits the release of records in the circumstances described in the subpoenas. However, U.S. District Judge Richard Conway Casey of the Southern District of New York ruled that records must be released and that the release does not violate patient privacy if personal information such as patient name, address and social security number is blocked out. Dr. Anna Slomovic's Testimony Before the National Committee on Vital and Health Statistics: http://www.epic.org/privacy/medical/medical_test.html National Abortion Federal v. Ashcroft, Northern District of Illinois, Eastern Division, No. 04-C-55: http://www.epic.org/privacy/medical/naf.pdf For more information about medical privacy protections, see EPIC's Medical Privacy Page: http://www.epic.org/privacy/medical/ ====================================================================== [4] EPIC Demands FBI Database Accuracy ====================================================================== In a recent letter to the Office of Management and Budget, EPIC has urged the agency to require the Federal Bureau of Investigation to follow legal accuracy obligations concerning the National Crime Information Center, the nation's largest criminal record database. The NCIC is the most extensive system of criminal history records in the United States, containing information on more than 52 million individuals and averaging 3.5 million transactions a day. In March 2003, the FBI announced it would no longer follow Privacy Act obligations for NCIC record accuracy, explaining that "it is impossible to determine in advance what information is accurate, relevant, timely and complete." EPIC's letter asserted that the NCIC's inaccuracy threatens to undermine the effectiveness of other government information technology projects. The United States Visitor and Immigrant Status Indicator Technology (US-VISIT), recently launched at 115 airports and 15 seaports, uses information from NCIC and other sources to determine whether visitors traveling to the United States will be permitted into the country. Furthermore, the Transportation Security Administration has considered using NCIC information within the Computer Assisted Passenger Prescreening System (CAPPS II) to determine whether individuals may travel by air. In addition, the FBI has recently expanded the NCIC to contain information indicating whether a DNA profile of an individual exists in the Combined DNA Index System Program, the FBI's DNA profile database. EPIC noted that the addition of new kinds of information to the NCIC will only make the database's inaccurate problems worse. In April 2003, nearly ninety organizations from across the United States urged the OMB to reinstate NCIC accuracy requirements. To date, the agency has taken no action. EPIC's Letter Urging Reinstatement of NCIC Accuracy Requirements: http://www.epic.org/privacy/ncic/NCIC_letter.pdf April 2003 Letter From Nearly Ninety Organizations Urging Reinstatement of NCIC Accuracy Requirements: http://www.epic.org/actions/ncic/ For more information about the NCIC, see EPIC's NCIC Page: http://www.epic.org/privacy/ncic/ ====================================================================== [5] Courts Reject Business "Free Speech" Challenges to Privacy Law ====================================================================== A Vermont Superior Court has upheld the state's opt-in financial privacy regulation against a challenge brought by a group of insurance companies. The companies alleged that the state's regulation exceeded government authority and infringed upon their First Amendment rights to use personal information for marketing. The court held that the state did have authority to regulate privacy practices, noting that financial companies have become "high volume traffickers of consumers' intimate, personal information." Relying upon recent cases that rejected the claim that financial services companies have an unlimited right to sell Social Security Numbers, the Vermont court held that the opt-in regulation did not violate Constitutional norms. The Vermont Attorney General submitted several affidavits discussing the role of privacy protection in the financial services context. In one, an economic consultant retained by Vermont argued that the insurance companies objecting to opt-in "are in essence simply voicing their displeasure at seeing profit opportunities reduced because they may find fewer customers whose private information they can sell." He also explained that an opt-out approach gives financial institutions "a profit incentive to aid inertia as a force that reduces the response rate by creating a confusing, hard-to-read form, by making it difficult to respond, and by emphasizing the costs rather than the benefits of opting out." Indeed, the Vermont insurance companies created notices that were difficult to read. A readability expert hired by the state found in a review of 168 privacy notices that they varied from "very difficult" to "fairly difficult" to read based on the "Flesch Readability Index." He concluded that the "privacy notices are not 'reasonably understandable.' They are difficult to read, requiring a high level of reader skill, far higher than the average 7th grade reading level of the U.S." In a separate case, the U.S. Court of Appeals for the Tenth Circuit has upheld the telemarketing Do-Not-Call Registry against challenges brought by the telemarketing industry. The telemarketers alleged that the Registry infringed free speech rights and that the Federal Trade Commission lacked the authority to create it. The court rejected all the claims and upheld the telemarketing regulations in their entirety: "The national do-not-call registry offers consumers a tool with which they can protect their homes against intrusions that Congress has determined to be particularly invasive. Just as a consumer can avoid door-to-door peddlers by placing a 'No Solicitation' sign in his or her front yard, the do-not-call registry lets consumers avoid unwanted sales pitches that invade the home via telephone, if they choose to do so. We are convinced that the First Amendment does not prevent the government from giving consumers this option." American Council of Life Insurers v. Vermont Department of Banking, Insurance, Securities and Healthcare Administration, Washington Superior Court, No. 56-1-02: http://www.epic.org/privacy/glba/vtprivacy.pdf The Affidavits and Memorandum in Support of the Vermont Opt-In Regulation are available on the EPIC Gramm-Leach-Bliley Page: http://www.epic.org/privacy/glba/ Mainstream Marketing v. FTC, No. 03-1429 (10th Cir. 2004): http://www.epic.org/privacy/telemarketing/03-1429.pdf For more information about the Do-Not-Call Registry, see EPIC's Do-Not-Call Registry Timeline Page: http://www.epic.org/privacy/telemarketing/dnc/ ====================================================================== [6] News in Brief ====================================================================== APPEALS COURT REJECTS MBNA VERIFICATION PRACTICES The United States Court of Appeals for the Fourth Circuit has ruled that creditors must perform "reasonable" investigations after receiving a customer dispute under the Fair Credit Reporting Act. In this case, MBNA America maintained a computerized customer information system that reported that the plaintiff was responsible for $17,000 in credit card charges. The plaintiff had disputed the charges, but MBNA continued to furnish information about the debt to credit reporting agencies. MBNA claimed that the FCRA only required a cursory review of customer disputes, and that the company usually did not analyze documents or any other information outside the computerized customer information system. The Fourth Circuit rejected MBNA's arguments and let stand a $90,000 actual damage award to the plaintiff: "It would make little sense to conclude that, in creating a system intended to give consumers a means to dispute -- and, ultimately, correct -- inaccurate information on their credit reports, Congress used the term 'investigation' to include superficial, unreasonable inquiries by creditors." The case is likely to change dispute processes nationwide by requiring creditors to more fully investigate consumers' claims that incorrect information has been provided to a credit reporting agency. Linda Johnson v. MBNA America, No. 03-1235 (4th Cir. Feb. 11, 2004): http://www.epic.org/privacy/fcra/03-1235.pdf For more information about credit reporting and privacy, see EPIC's Fair Credit Reporting Act Page: http://www.epic.org/privacy/fcra/ FEDERAL PROSECUTOR SUES JUSTICE DEPT. FOR PRIVACY ACT VIOLATIONS Last week, an Assistant U.S. Attorney brought suit against the Attorney General and others at the Justice Department for alleged retaliation in response to the attorney's criticism of underfunding and mismanagement of terrorism investigations. After Congressional inquiry into the Department's oversight, Richard Convertino, a 15-year veteran federal prosecutor, was removed from a high-profile terrorism case that he was spearheading and found himself at the center of an internal investigation for misconduct. Convertino alleges that in retaliation for his cooperation with the Congressional inquiry, the Department leaked to the press the name of a terrorist informant instrumental to his case, and that this action constitutes a violation of the Privacy Act. Complaint in Convertino v. Dep't of Justice (D.D.C. 2004): http://www.epic.org/privacy/terrorism/pros_comp.pdf HOMELAND SECURITY BEGINS SECRET INFRASTRUCTURE DATA COLLECTION The Department of Homeland Security has launched the Protected Critical Infrastructure Information Program, under which electric utilities, chemical companies, railroads, and other private sector companies can volunteer information on infrastructure vulnerabilities in the United States. Such companies manage an estimated 85 percent of the nation's critical infrastructure. All information volunteered under the program will be withheld from the public under a controversial exemption to the Freedom of Information Act that broadly exempts from disclosure any information relating to security flaws and other vulnerabilities in our critical infrastructures. EPIC testified against the exemption in Congressional hearings last year. For more information about critical infrastructure, see EPIC's Critical Infrastructure Protection Page: http://www.epic.org/security/infowar/resources.html ====================================================================== [7] EPIC Bookstore: The Patriot Act Game ====================================================================== The Patriot Act Game, by Lisa Freeland and Steffi Domike. http://www.gotrights.net In this issue of the EPIC Alert, we've extended our traditional book review forum to another medium of civil liberties education: the game. The Patriot Act Game, developed by a Pittsburgh public defender and an artist, was created to educate the public about the Act and its implications as well as other laws post 9-11. The game is full of clever references to post 9-11 developments. For instance, during the course of the game, the "homeland security threat level" rises, each level indicated by the movement of a tiny representation of a roll of duct tape. The goal of the game is to get every player to Freedom Corner before the homeland security threat level reaches "Severe" and before the player who is secretly holding the "Snitch" card turns everyone in to Attorney General John Ashcroft. Players whose game pieces are black, brown or yellow are faced with playing disadvantages in comparison to those who have the red, white, or blue game pieces. The currency of the game is the "freedom fry." Along the way there are four sets of cards players may be instructed to pick from, including "Protest," "Surveillance," "History," and "Justice." Some cards send players to jail, where no visitors or lawyers are allowed, and other cards set them free. Most cards strive to place the USA PATRIOT Act in current and historical perspective. Many of the civil liberties lost since 9-11 are detailed in the "Surveillance" and "Justice" cards as well as in the background information accompanying the instructions. The game illustrates how freedom has been undermined both through the USA PATRIOT Act itself, as well as the resulting hysteria, terrorist rhetoric, and racism that followed the 9-11 attacks. Some of the injustices cited include arrests, detentions and deportations, including patterns of abuse involving specific races and ethnicities. They include increasing surveillance, profiling in job searches, restriction of commercial licenses, obstruction of speech in protests, and surveillance of book reading and art on dorm room walls. Not only does the game educate players on aspects of the USA PATRIOT Act and the decline of civil liberties, it also encourages players to analyze the importance of free speech. "History" and "Protest" cards detail historical figures that attempted to speak out against various systems of power. They highlight individuals and organizations throughout the world that questioned governmental and commercial policies and worked in the name of freedom and human rights. Above the figure's name and description of the speech is the line, "Hero or Terrorist?" It calls attention to the way the term "terrorist" is thrown around freely these days to denigrate opponents. For example, just this week U.S. Education Secretary Rod Paige stated that the National Education Association, the nation's largest teachers' union, is a terrorist organization. Game creators Lisa Freeland and Steffi Domike have succeeded in creating a tool with which to educate the public on matters of great importance and one which allows players to have fun at the same time. The only negative aspect is the time required upon receipt of the game to pull apart the cards and the freedom fries, all of which come attached on perforated sheets. Information and games are available at www.gotrights.net, or by contacting gotrights.net at thepatriotactgame@earthlink.net, or at P.O. Box 81612, Pittsburgh, PA 15217. It is available for sale at a price of $25 for an individual game or for less if purchased in bulk quantities. - Frannie Wellings ================================ EPIC Publications: "The Privacy Law Sourcebook 2003: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price: $40. http://www.epic.org/bookstore/pls2003/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002/ This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2003: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $35. http://www.epic.org/bookstore/phr2003/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty-five countries around the world. The survey examines a wide range of privacy issues including data protection, passenger profiling, genetic databases, video surveillance, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/bookstore/crypto00&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ====================================================================== [8] Upcoming Conferences and Events ====================================================================== Third Conference on Privacy and Public Access to Court Records. Courtroom 21 Project. February 27-28, 2004. Williamsburg, VA. For more information: http://www.courtroom21.net. PKC 2004: International Workshop on Practice and Theory in Public Key Cryptography. Institute for Infocomm Research. March 1-4, 2004. Sentosa, Singapore. For more information: http://pkc2004.lit.org.sg. A Summit on Healthcare Privacy and Data Security: HIPAA and Beyond. Health Care Conference Administrators. March 7-9, 2004. Baltimore, MD. For more information: http://www.hipaasummit.com. Securing Privacy in the Internet Age. Stanford Law School. March 13-14, 2004. Palo Alto, CA. For more information: http://cyberlaw.stanford.edu/privacysymposium. Sixth Annual National Freedom of Information Day Conference. First Amendment Center, in cooperation with the American Library Association. March 16, 2004. Arlington, VA. E-mail foidayconference@freedomforum.org. Workshop: Monitoring Software on Your PC: Spyware, Adware, and Other Software. Federal Trade Commission. April 19, 2004. Washington, DC. For more information: http://www.ftc.gov/opa/2004/02/spyware.htm. CFP2004: 14th Annual Conference on Computers, Freedom, and Privacy. Association for Computing Machinery (ACM). April 20-23, 2004. Berkeley, CA. For more information: http://www.cfp2004.org. 2004 IEEE Symposium on Security and Privacy. IIEEE Computer Society Technical Committee on Security and Privacy, in cooperation with the International Association for Cryptologic Research (IACR). May 9-12, 2004. Oakland, CA. For more information: http://www.cs.berkeley.edu/~daw/oakland04-cfp.html. International Conference on Data Privacy and Security in a Global Society. Wessex Institute. May 11-13, 2004. Skiathos, Greece. For more information: http://www.wessex.ac.uk/conferences/2004/datasecurity04/index.html. The Third Annual Workshop on Economics and Information Security. University of Minnesota Digital Technology Center. May 13-14, 2004. Minneapolis, MN. For more information: http://www.dtc.umn.edu/weis2004. Workshop on Privacy Enhancing Technologies. University of Toronto. May 26-28, 2004. Toronto, Canada. For more information: http://petworkshop.org/2004. Access & Privacy Conference 2004: Sorting It Out. Government Studies, Faculty of Extension. June 10-11, 2004. University of Alberta. Edmonton, Alberta, Canada. For more information: http://www.govsource.net/programs/iapp/conference/main.nclk. O'Reilly Open Source Convention. July 26-30, 2004. Portland, OR. For more information: http://conferences.oreilly.com/oscon. First Conference on Email and Anti-Spam. American Association for Artificial Intelligence and IEEE Technical Committee on Security and Privacy. July 30-31, 2004. Mountain View, CA. For more information: http://www.ceas.cc. Crypto 2004: The Twenty-Fourth Annual IACR Crypto Conference. International Association for Cryptologic Research, IEEE Computer Society Technical Committee on Security and Privacy, and the Computer Science Department of the University of California, Santa Barbara. Santa Barbara, CA. August 15-19, 2004. For more information: http://www.iacr.org/conferences/crypto2004. 2004 Telecommunications Policy Research Conference. National Center for Technology & Law, George Mason University School of Law. October 1-3, 2004. Arlington, VA. For more information: http://www.tprc.org/TPRC04/call04.htm. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Subscribe/unsubscribe via e-mail: To: epic_news-request@mailman.epic.org Subject: "subscribe" or "unsubscribe" (no quotes) Automated help with subscribing/unsubscribing: To: epic_news-request@mailman.epic.org Subject: "help" (no quotes) Problems or questions? e-mail < info@epic.org > Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription e-mail address, if you are experiencing subscription/unsubscription problems, or if you have any other questions. ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 11.04 ---------------------- .