======================================================================= E P I C A l e r t ======================================================================= Volume 11.05 March 9, 2004 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_11.05.html ====================================================================== Table of Contents ====================================================================== [1] EPIC Files Brief in National DNA Database Case [2] International Privacy Framework Almost Final [3] EPIC Replies to Northwest's Defense of Privacy Policy Breach [4] Electronic Voting Problems Plague Super Tuesday [5] Gov't Seeks Public Comment on Important Privacy Regulations [6] News in Brief [7] EPIC Bookstore: Beyond Genetics [8] Upcoming Conferences and Events ====================================================================== [1] EPIC Files Brief in National DNA Database Case ====================================================================== EPIC has filed an amicus brief in United States v. Kincade, a case in which a parolee is challenging a federal law that requires the production of a DNA sample for a national database operated by the Department of Justice. EPIC's brief agrees that a forced DNA extraction violates an individual's right against unlawful search and seizure in absence of suspicion that the individual has committed another crime. The DNA Analysis Backlog Elimination Act of 2000 provides that the government may take DNA samples from individuals in federal custody and parolees who have committed a qualifying offense. There is no requirement that the government take the DNA only in connection with a specific criminal investigation, or that the government suspect that the individual will commit a crime in the future. Anyone failing to cooperate with the DNA extraction is guilty of a class A misdemeanor and may be imprisoned. The DNA database, known as the Combined DNA Index System or CODIS, includes DNA samples from persons convicted of crimes, crime victims, and unknown DNA from crime scenes. It operates on federal, state and local levels. The government argues that the database is instrumental in solving future crimes and DNA extractions are no more invasive than fingerprinting. EPIC's argument focuses on the false notion that DNA and fingerprinting involve the same privacy concerns. While a fingerprint merely indicates whether an individual has been in a specific location, DNA can reveal health, gender, and familial information, EPIC asserts. Furthermore, because members of the same family have similar DNA patterns, an individual's DNA profile may indirectly implicate a relative. Moreover, EPIC points out, there is no uniform storage policy for DNA samples; rather, each state has a different policy. Not only could samples end up in the hands of researchers, but international cooperation among law enforcement agencies has opened CODIS up to other governments. After a three-judge panel sided with Mr. Kincade last year (2-1), the government appealed and the Ninth Circuit granted a request for a full-panel rehearing of the case. Oral arguments will be heard by the appellate court in late March. EPIC's amicus brief in United States v. Kincade: http://www.epic.org/privacy/genetic/kincade_amicus.pdf For more information about genetic privacy, see EPIC's Genetic Privacy Page: http://www.epic.org/privacy/genetic/ ====================================================================== [2] International Privacy Framework Almost Final ====================================================================== The near final version of privacy guidelines was discussed at a recent meeting of government representatives in the context of the Asia-Pacific Economic Cooperation (APEC). In 2003, the 21 countries composing APEC began drafting a privacy framework modeled after the 1980 Organization for Economic Cooperation and Development (OECD) Privacy Guidelines. The non-binding instrument is aimed at facilitating the flows of individuals' personal information among APEC member states while protecting individuals' privacy interests. It acknowledges the importance of privacy guidelines as a tool to promote effective information privacy protection together with the free flow of information in the Asia Pacific Region in order to improve consumer confidence and ensure the growth of electronic commerce. Before the recent release, the process had been kept secret, limited to consultations with government agencies, and in a few countries (including the United States), with business, legal professional and privacy groups. The APEC Privacy Framework acknowledges that it holds the potential to increase the flow of personal information among APEC trading countries if it can increase individuals' confidence in electronic commerce and in the international transfer of their personal information. The instrument recognizes that confidence could increase if individuals' privacy interests are adequately protected. The current version of the Framework contains nine privacy principles (Preventing Harm; Notice; Collection Limitation; Uses of Personal Information; Choice; Integrity of Personal Information; Security Safeguards; Access and Correction; and Accountability). While similar to the 1980 OECD Privacy Guidelines, some of the principles further weaken them by diluting the substance of individuals' privacy protections. As an example, a new Preventing Harm Principle is treated as equal to other privacy principles even though its purpose might provide opportunities for wholesale exemptions from the other principles. The Choice and Notice principles are similarly weakened by allowing companies not to notify and provide for clear explanations to individuals about their collection, use and disclosure practices when they use information that is publicly available about them. Although strong, the Access and Correction Principle is nevertheless severely limited by an exemption that provides that information should not be disclosed due to legal or commercial proprietary reasons, thereby leaving the door open to potential abuses. Some principles, however, go beyond the OECD Guidelines, as in the case of the Purpose Specification principle (called Uses of Personal Information in the APEC Framework). Although non-binding, the instrument could serve as guidelines that enable multinational companies which collect, process and disclose customers and consumers' personal information to develop and implement uniform internal mechanisms or codes of conduct to adequately protect their privacy. It could also foster the emergence of data protection laws in APEC countries without legal regimes in place. As such, this development may constitute a significant step in the attempt by many countries to develop new guidelines or laws to regulate international transfers of personal information. It could also, however, trigger future trade disputes between APEC countries and the European Union if both economic entities' rules governing international data transfers were to diverge and therefore limit information flows or make them more burdensome. More consultations between governments and other stakeholders have to take place in the coming months on the final form of the Framework. The public is therefore invited to comment on the current draft of the APEC Privacy Framework. Any member of the public interested in having a copy of the latest draft of the APEC Privacy Framework and in making comments can do so by e-mailing Ms. Arrow Augerot at the Department of Commerce (arrow_augerot@ita.doc.gov). More information about APEC meeting documents will soon be available at: http://www.export.gov/apececommerce/ For more information about international privacy, see EPIC's International Privacy Standards Page: http://www.epic.org/privacy/intl/ ====================================================================== [3] EPIC Replies to Northwest's Defense of Privacy Policy Breach ====================================================================== EPIC has filed a reply to Northwest Airlines' attempt to justify its disclosure of millions of passenger records to the federal government in violation of the airline's publicly posted privacy policy, which the airline called "an appropriate instance of industry and government cooperation." Northwest's defense came in response to a complaint EPIC filed in January with the Department of Transportation arguing that the airline committed an unfair and deceptive trade practice when it disclosed millions of passenger records to the government. (See EPIC Alert 11.02.) Northwest claimed that its disclosure was "entirely appropriate" because September 11 diminished "whatever minimal expectation of privacy in air travel [that] existed before." Furthermore, Northwest argued, it did not violate any express assurance made in its privacy policy, and so did not commit an unfair or deceptive trade practice. EPIC's reply asserts that Northwest should not cite the events of 9/11 as an excuse for being dishonest with passengers about what the airline does with their personal information. EPIC notes that the Department of Transportation has a responsibility to enforce representations that airlines make to consumers regarding use of passengers' personal information, and has told the European Union that it will exercise this enforcement authority aggressively. EPIC emphasizes that Northwest assured consumers who provided personal information through the airline's website that they had "complete control" over the use of that information. At no time did Northwest tell passengers that it would disclose personal information to the government without the knowledge or consent of those passengers, despite the fact that the airline expressly and specifically disclosed other uses of passenger information in its privacy policy. Furthermore, after it came to light that JetBlue Airways disclosed passenger information to a Defense Department contractor, a spokesman for Northwest and the airline's CEO assured the public that Northwest would not make such disclosures. For these reasons, EPIC argues, the Transportation Department should investigate the airline's privacy practices and impose appropriate penalties for unfair and deceptive trade practices. EPIC's Reply: http://www.epic.org/privacy/airtravel/nwa_reply.pdf Northwest's Answer: http://www.epic.org/privacy/airtravel/nwa_answer.pdf EPIC's Complaint to the Department of Transportation: http://www.epic.org/privacy/airtravel/nwa_comp.pdf For more information about air travel privacy, see EPIC's Passenger Profiling Page: http://www.epic.org/privacy/airtravel/profiling.html ====================================================================== [4] Electronic Voting Problems Plague Super Tuesday ====================================================================== Early post-March 2 primary election reports offered positive feedback on the functioning of electronic voting technology with only brief mentions of "glitches." However, later reports detailed problems with electronic voting technology including, but not limited to, malfunctions in booting up machines; system server card failures that resulted in hours of delays in getting final vote totals; problems in programming the smart cards used by voters to cast their ballots; and power fluctuations that caused mechanical malfunctions in electronic voting machines. The reports from Super Tuesday are consistent with reports on the use of electronic voting technology from the 2002 primary election season. In Orange County, CA, approximately 7,000 voters where given incorrect computer access codes by poll workers unfamiliar with how the district's electronic voting technology worked, resulting in voters receiving wrong ballots. Voting technology in some Orange County precincts recorded more votes than voters, and other precincts reported lower voter turnouts than usual. As a result of these problems, five of the county's six congressional races, four of its five state Senate elections and five of its nine Assembly contests were affected. Voting delays in Alameda and San Diego counties prompted the San Diego and Imperial Counties' chapter of the American Civil Liberties Union to request a review by a panel of experts, community leaders, and county elections administrators of problems with electronic voting technology experienced in their localities. Other states also encountered complications with electronic voting technology. In Maryland, one polling place switched to paper ballots when its new electronic voting machines did not work. Paper ballots also came in handy at a Georgia polling place when it was discovered that county officials had forgotten to program the encoding devices used to program access cards used by voters to cast ballots. These descriptions of problems with electronic voting machines raise questions about how the technology passed federal and state certification. The machines used in the Super Tuesday elections did pass one or more technical accreditation processes required by old federal and state review statutes. These same machines were later found to have serious security flaws by several independent security reviews. The Help America Vote Act, passed in 2002, was enacted to resolve many problems highlighted by the 2000 Florida General Election, one of which is the technical review of voting machines. The law places the development of standards for electronic voting technology under the direction of the new U.S. Elections Assistance Commission. The law also designates the National Institute of Standards and Technology, under the direction of the new commission, to lead the effort to provide tighter security review and standards development for the manufacture and acquisition of electronic voting technology for use in elections. The institute, which has a long history in standards work, was designated to assist in developing tighter security standard for voting technology used in U.S. elections. However, it received no funding in the 2004 fiscal year for work on electronic voting security and standards development. For more information about electronic voting, see EPIC's Voting Page: http://www.epic.org/privacy/voting/ National Committee for Voting Integrity: http://www.votingintegrity.org/ California voters on their Election Day experience: http://www.calvoter.org/news/blog/index.html The Help America Vote Act is available at: http://www.fec.gov/hava/hava.htm Verifiedvoting.org: http://www.verifiedvoting.org/newsfeed.asp ====================================================================== [5] Gov't Seeks Public Comment on Important Privacy Regulations ====================================================================== Federal government agencies are soliciting public comment on a number of important privacy issues. The Federal Trade Commission has announced a workshop on "Monitoring Software on Your PC: Spyware, Adware, and Other Software," to be held on April 19, 2004. Any member of the public may submit comments on these technologies by sending e-mail to spywareworkshop2004@ftc.gov by March 19, 2004. Separately, legislation to limit spyware has been introduced in the Senate by Senators Burns (R-MT), Wyden (D-OR) and Boxer (D-CA). In the House, Representatives Bono (D-CA) and Towns (D-NY) have been perfecting H.R. 2929, the Safeguard Against Privacy Invasions Act. Several agencies are soliciting comments on "short privacy notices" under the Gramm-Leach-Bliley Act. These are alternative notices that seek to inform individuals of financial services institutions' privacy policies in plain language. The agencies are primarily considering whether to develop a model short notice for financial services institutions to use. Any member of the public may submit comments on proposed form or content of these short notices by sending e-mail to regs.comments@occ.treas.gov by March 29, 2004. The Department of the Treasury is seeking public comment on the use of biometrics to combat identity theft. EPIC testified before Congress in July 2002 that biometrics would not solve the identity theft problem, and would pose new security and privacy risks. EPIC further commented that less invasive and costly policy alternatives, including limiting the use of the Social Security Number, could combat identity theft effectively. Any member of the public may submit comments by sending e-mail to factabiometricstudy@do.treas.gov by April 1, 2004. FTC Public Workshop: Monitoring Software on Your PC: Spyware, Adware, and Other Software: http://www.epic.org/redirect/workshop.html S. 2145, Software Principles Yielding Better Levels of Consumer Knowledge Act: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:s.02145: H.R. 2929, Safeguard Against Privacy Invasions Act: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.02929: Interagency Proposal to Consider Alternative Forms of Privacy Notices Under the Gramm-Leach-Bliley Act: http://www.epic.org/redirect/notices.html Public Comment on Formulating and Conducting a Study on the Use of Biometrics and Other Similar Technologies to Combat Identity Theft: http://www.epic.org/redirect/biometrics.html EPIC's Testimony on Biometrics and Identity Theft is available at: http://www.epic.org/privacy/biometrics/testimony_071802.html ====================================================================== [6] News in Brief ====================================================================== EPIC SUPPORTS IPv6 DEPLOYMENT On March 8, EPIC filed comments with the U.S. Department of Commerce, urging the deployment and use of strong privacy protecting technologies in IPv6. IPv6 is the protocol that is designed to replace the current network protocol in use on the Internet. IPv6 also promises to extend the Internet into more areas, through support for mobile devices. Because of this potential new reach of the Internet and vulnerabilities in the existing protocol, the IPv6 protocol includes privacy and security enhancing features such as encryption. EPIC recommended that all IPv6 vendors incorporate such privacy protections as standard. EPIC also said that the privacy and security features within IPv6 should not be compromised with vulnerabilities by the application of the Communications Assistance to Law Enforcement Act which would threaten both the security of network communications and the stability of the network architecture. EPIC Comments on IPv6: http://www.epic.org/privacy/internet/PIv6_comments.pdf NTIA Request for Comments on IPv6: http://www.ntia.doc.gov/ntiahome/frnotices/2004/IPv6RFCFinal.htm EPIC LAUNCHES DIPLOMATIC COMMUNICATIONS PAGE EPIC has added a webpage on privacy of diplomatic communications to its website. The page was created in response to the recent revelation that United Nations Secretary General Kofi Annan's telephone communications and private conversations were bugged by the U.S. National Security Agency and the British Government Communications Headquarters. Other United Nations officials, as well as ambassadors to the United Nations, have reported similar eavesdropping by American and British intelligence agencies against them and their countries. EPIC's new Diplomatic Communications Page is available at: http://www.epic.org/privacy/wiretap/diplomatic.html EPIC JOINS COALITION URGING REJECTION OF EU IP ENFORCEMENT DIRECTIVE EPIC has joined an international coalition of civil liberties and consumer groups to oppose the European Union Intellectual Property Rights Enforcement Directive. The directive would create a new "Right of Information" that allows rightsholders to obtain personal information on users of P2P file-sharing software, possibly without judicial review. The proposal would require Internet Service Providers, phone and cable companies, and other third party intermediaries to turn over personal information about their customers, even before there has been a finding of intellectual property infringement or an opportunity for the customer to be heard. The Directive has been rushed through public debate and was sent to the European Parliament without adequate opportunity for comments from the public and stakeholders. The coalition's call for action urges the directive proposal to go through a "Second Reading" procedure where its provisions can be publicly considered. European Digital Rights (EDRi) Press Release on the Coalition: http://www.edri.org/cgi-bin/index?funktion=view&id=000100000134 ACXIOM EXPANDS INTERNATIONAL DATA ACCESS The Wall Street Journal reported last week that information broker Acxiom has acquired a number of international data companies. Acxiom agreed to buy consumer lifestyle database operations covering England, France, Spain and Germany from Seat Pagine Gialle SpA for $37.5 million. Earlier in the year, Acxiom acquired the "Claritas marketing information operations based in England, France, Germany, The Netherlands, Spain, Portugal and Poland, from Dutch marketing and media research giant VNU NV." The purchases raise the risk that Acxiom could become a major provider of international data to the government. Last month, EPIC acquired a document under the Freedom of Information Act from the Department of Defense office that was creating "Total Information Awareness" (see EPIC Alert 11.03). It read in part: "Ultimately, the US may need huge databases of commercial transactions that cover the world or certain areas outside the US. This information provides economic utility, and thus provides two reasons why foreign countries would be interested. Acxiom could build this mega-scale database." Wall Street Journal Article on Acxiom: http://online.wsj.com/article/0,,BT_CO_20040301_004351,00.html DARPA E-mail obtained by EPIC under the Freedom of Information Act: http://www.epic.org/privacy/profiling/tia/darpaacxiom.pdf METRO AG SCALES BACK TRACKING TECHNOLOGY Reeling from an onslaught of criticism by privacy groups, the German company Metro AG is scaling back its ambitious plans to start using radio frequency identification chips in various aspects of its Extra Future Store. The Extra Future Store is an initiative by a consortium of technology providers and the food giant. It was fashioned to test the latest technology in the retail environment. The supermarket had hoped to use the tracking system to verify ages of customers so that DVD trailers could be tailored accordingly. Metro Group Future Store Initiative: http://www.future-store.org For more information about radio frequency identification systems, see EPIC's RFID Page: http://www.epic.org/privacy/rfid GENERAL ACCOUNTING OFFICE REPORTS ON FOIA The General Accounting Office has released a report evaluating trends in annual Freedom of Information Act reports issued by 25 agencies from 2000 to 2002. Congress' investigative office found that from 2000 to 2002, the agencies received and processed an increasing number of FOIA requests, granted or partially granted a greater number of requests each year, and decreased backlogs of requests remaining at the end of each year. The report also showed that the number of FOIA requests denied decreased drastically between 2001 and 2002. Nineteen agencies reported processing expedited requests between 2000 and 2002. The report noted that the Department of Justice took more than 100 days to process some "expedited" requests during each of the three years examined. General Accounting Office, Information Management: Update on Freedom of Information Act Implementation Status (February 2004): http://www.gao.gov/cgi-bin/getrpt?GAO-04-257.pdf Highlights of the Report: http://www.gao.gov/highlights/d04257high.pdf ====================================================================== [7] EPIC Bookstore: Beyond Genetics ====================================================================== Beyond Genetics: Putting the Power of DNA to Work In Your Life, by Glenn McGee (William Morrow, 2003). http://www.powells.com/cgi-bin/biblio?inkey=8-0060008008-0 DNA technology will transform our lives in the 21st Century the way computer technology transformed lives in the 20th Century, asserts Professor Glenn McGee, Associate Director for Education at the Center for Bioethics at the University of Pennsylvania Medical School. In his vision of the future, "it is likely that within three years I can have a portable DNA representation of 'me.' The digitization of my genes will do for genetics what the digitization of music did for entertainment. I will be able to e-mail my genes, to sell them on eBay, to use them as the basis for art and to have them analyzed on the fly on my PalmPilot. The potential for portable, wireless, commodified genomic information is staggering, and the ethical implications cry out for discussion in a public forum." Professor McGee's book, Beyond Genetics, explores profound ethical and philosophical questions raised by advances in genetics. Should we take a particular genetic test when genetic testing becomes more accurate, less expensive and more accessible? How much should we tell others about our genes? Can we tell the difference between gene therapy that might be helpful and gene research that might do more harm than good? Should we risk eating genetically modified food or insist on food that has been produced by traditional means? Should companies be permitted to patent, buy and sell our personal genetic information? Should we plan our future or our children's future based on genetic potential? To what extent should we be able to control the genetic characteristics of our unborn children? Most ethical questions in genetics involve privacy issues. Genetic tests provide information not only about the individual being tested, but also about the individual's biological relatives, who may feel that their privacy is being violated. Telling others about one's genes involves disclosure of highly personal information with consequences that may not be predictable. Research that might result in better drugs or more effective therapies involves large genetic databases that link genetic information with medical histories and lifestyle information, creating a possibility of detailed individual profiles. Using drugs designed for our specific gene set may result in disclosing not only the condition for which the drug is being used, but other predispositions and characteristics responsible for our choice of that particular drug. The issues are complicated because science is ahead of our thinking about its legal and ethical implications. For example, learned commissions in different countries have recommended that DNA databanks should be specially regulated, at least in part because of the concern about the violations of individual privacy that might result from unauthorized access to genetic material. Yet blood and tissue banks that can serve as sources for DNA have existed for decades and continue to exist without being clouded by such worries. According to Professor McGee, commissions, public hearings and "expert genetics" show society's failure to acknowledge that biotechnology has already shifted from basic science to a commercial undertaking and that companies will to a large extent control future development of biotechnology. According to him, the next generation of young people will be as comfortable with "geneware" -- software and hardware to manipulate DNA -- as today's young people are with computer technology and will see many of today's concerns as a reflection of our fear of what we do not understand. The parallel between genetics and computer technology provides a picture of future genetic privacy that is not reassuring. We are only now beginning to realize the full implications of large computerized databases of personal information collected by private companies without regulation. These companies claim to own information about us and claim the right to analyze, sell and use that information without our knowledge and often for purposes we do not approve. Is this really how we want our genetic future to look? As Professor McGee points out, ethical and moral implications of genetic technology cry out for discussion in a public forum. Privacy implications of genetic technology should be a major topic of such discussions. Beyond Genetics provides an interesting, if sometimes irreverent, contribution to this debate. -- Anna Slomovic ================================ EPIC Publications: "The Privacy Law Sourcebook 2003: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price: $40. http://www.epic.org/bookstore/pls2003/ The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002/ This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2003: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $35. http://www.epic.org/bookstore/phr2003/ This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty-five countries around the world. The survey examines a wide range of privacy issues including data protection, passenger profiling, genetic databases, video surveillance, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0/ A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls/ The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/bookstore/crypto00&/ EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore/ "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ====================================================================== [8] Upcoming Conferences and Events ====================================================================== Securing Privacy in the Internet Age. Stanford Law School. March 13-14, 2004. Palo Alto, CA. For more information: http://cyberlaw.stanford.edu/privacysymposium. DIMACS/PORTIA Workshop on Privacy-Preserving Data Mining. Center for Discrete Mathematics & Theoretical Computer Science and the PORTIA Project. Piscataway, NJ. March 15-16, 2004. For more information: http://dimacs.rutgers.edu/Workshops/Privacy/. Sixth Annual National Freedom of Information Day Conference. First Amendment Center, in cooperation with the American Library Association. March 16, 2004. Arlington, VA. E-mail foidayconference@freedomforum.org. Internet Commons Congress. Inflexion Communications and New Yorkers for Fair Use. March 24-25, 2004. Washington, DC. For more information: http://www.internationalunity.org. FRAMED!! How Law Constructs and Constrains Culture. The Center for the Study of the Public Domain at Duke Law School. April 2, 2004. Durham, NC. For more information: http://www.law.duke.edu/cspd/framed.pdfhttp://www.internationalunity.org. Debate on Domestic Spying with EPIC's Marc Rotenberg and Former Deputy Attorney General Victoria Toensing. Justice Talking. April 12, 2004. Philadelphia, PA. For more information: http://www.justicetalking.org. Workshop: Monitoring Software on Your PC: Spyware, Adware, and Other Software. Federal Trade Commission. April 19, 2004. Washington, DC. For more information: http://www.ftc.gov/opa/2004/02/spyware.htm. CFP2004: 14th Annual Conference on Computers, Freedom, and Privacy. Association for Computing Machinery (ACM). April 20-23, 2004. Berkeley, CA. For more information: http://www.cfp2004.org. 29th Annual AAAS Colloquium on Science and Technology Policy. American Association for the Advancement of Science. April 22-23, 2004. Washington, DC. For more information: http://www.aaas.org/spp/rd/colloqu.htm 2004 IEEE Symposium on Security and Privacy. IEEE Computer Society Technical Committee on Security and Privacy, in cooperation with the International Association for Cryptologic Research (IACR). May 9-12, 2004. Oakland, CA. For more information: http://www.cs.berkeley.edu/~daw/oakland04-cfp.html. International Conference on Data Privacy and Security in a Global Society. Wessex Institute. May 11-13, 2004. Skiathos, Greece. For more information: http://www.wessex.ac.uk/conferences/2004/datasecurity04/index.html. The Third Annual Workshop on Economics and Information Security. University of Minnesota Digital Technology Center. May 13-14, 2004. Minneapolis, MN. For more information: http://www.dtc.umn.edu/weis2004. Workshop on Privacy Enhancing Technologies. University of Toronto. May 26-28, 2004. Toronto, Canada. For more information: http://petworkshop.org/2004. RSA Conference 2004. RSA Security. May 31-June 1, 2004. Tokyo, Japan. For more information: http://www.medialive.jp/events/rsa2004/eng/default.html. Fifth Annual Institute on Privacy Law: New Developments & Compliance Issues in a Security-Conscious World. Practising Law Institute. June 7-8, 2004. San Francisco, CA. For more information: http://www.pli.edu. TRUSTe Symposium: Privacy Futures. June 9-11, 2004. International Association of Privacy Professionals. San Francisco, CA. For more information: http://www.privacyfutures.org. Access & Privacy Conference 2004: Sorting It Out. Government Studies, Faculty of Extension. June 10-11, 2004. University of Alberta. Edmonton, Alberta, Canada. For more information: http://www.govsource.net/programs/iapp/conference/main.nclk. 13th Annual CTCNet Conference: Building Connected Communities: The Power of People & Technology. June 11-13, 2004. Seattle, Washington. For more information: http://www2.ctcnet.org/conf/2004/session.asp. Fifth Annual Institute on Privacy Law: New Developments & Compliance Issues in a Security-Conscious World. Practising Law Institute. June 21-22, 2004. New York, NY. For more information: http://www.pli.edu. PORTIA Workshop on Sensitive Data in Medical, Financial, and Content-Distribution Systems. PORTIA Project. July 8-9, 2004. Stanford, CA. For more information: http://crypto.stanford.edu/portia/workshop.html. O'Reilly Open Source Convention. July 26-30, 2004. Portland, OR. For more information: http://conferences.oreilly.com/oscon. First Conference on Email and Anti-Spam. American Association for Artificial Intelligence and IEEE Technical Committee on Security and Privacy. July 30-31, 2004. Mountain View, CA. For more information: http://www.ceas.cc. Crypto 2004: The Twenty-Fourth Annual IACR Crypto Conference. International Association for Cryptologic Research, IEEE Computer Society Technical Committee on Security and Privacy, and the Computer Science Department of the University of California, Santa Barbara. Santa Barbara, CA. August 15-19, 2004. For more information: http://www.iacr.org/conferences/crypto2004. The Right to Personal Data Protection -- the Right to Dignity. 26th International Conference on Data Protection and Privacy Commissioners. September 14-16, 2004. Wroclaw, Poland. For more information: http://www.giodo.gov.pl/252/j/en/. 2004 Telecommunications Policy Research Conference. National Center for Technology & Law, George Mason University School of Law. October 1-3, 2004. Arlington, VA. For more information: http://www.tprc.org/TPRC04/call04.htm. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via Web interface: http://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert/ The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information". Please contact info@epic.org if you would like to change your subscription e-mail address, if you are experiencing subscription/unsubscription problems, or if you have any other questions. ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, e-mail info@epic.org, http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate/ Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 11.05 ---------------------- .