======================================================================= E P I C A l e r t ======================================================================= Volume 11.10 May 29, 2004 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_11.10.html ====================================================================== Table of Contents ====================================================================== [1] Freedom 2.0 Examines Distributed Democracy [2] Senator Leahy Receives EPIC Champion of Freedom Award [3] Italian Official Offers European Perspective on Privacy [4] Vint Cerf Discusses Privacy and the Internet [5] Oversight Groups Issue Reports on Government Data Mining [6] News in Brief [7] EPIC Bookstore: The Public Voice WSIS Sourcebook [8] Upcoming Conferences and Events ====================================================================== [1] Freedom 2.0 Examines Distributed Democracy ====================================================================== EPIC hosted an international gathering of privacy advocates, academics, technologists, media representatives and policymakers at "Freedom 2.0: Distributed Democracy," held at the Washington Club May 21-22, 2004 in Washington, DC. The two-day policy conference featured panels, keynote presentations, and workshops on wide-ranging topics such as transparency, government oversight, the Public Voice, privacy activism, anonymity and identity, and trustworthy computing. One notable highlight was the panel discussion "Surveillance Post 9-11," which examined where the line should be drawn between the government's need to known and citizens' right to privacy. Jerry Kang, Visiting Professor at Georgetown Law Center, challenged the underlying assumption that knowledge creates security. Kang suggested that social experience dictates what each person perceives as accepted facts, which heavily influences our perceptions of who is or who is not trustworthy. The "in group" and the "out group" categorizations of people within society are often not based on observations unique to each encounter, but may be filtered by complex notions of race, ethnicity, and now religious affiliation. He pointed out that history is a great teacher in this respect and that these lessons can be helpful in directing policy regarding security today. Judith Krug, Director of the American Library Association's Office of Intellectual Freedom, recounted the experience of librarians who have found themselves at the center of the privacy and security debate after the passage of the Patriot Act. Section 215 of the anti-terrorism law forces librarians to comply with FBI agent's request to access library patron files without a court order. The reaction to this provision of the Patriot Act by a majority of librarians has been extremely negative, which prompted Attorney General Ashcroft to characterize them as "hysterical." Dr. Amitai Etzioni, Founder and Director of the Communitarian Network, stated that some issues that are part of the privacy and security debate are discussed only for emotional impact, though members of the audience during the question and answer phase following the panel presentation disagreed that issues should be avoided because they are difficult. Bruce Schneier, Chief Technical Officer of Counterpane Internet Security, offered a technologist's perspective by saying that increasingly automated security needs the active participation of well-trained people. Technology that seeks to anticipate terrorist activity is a very challenging objective. He cautioned that people need to think carefully about the privacy consequences of a technology dependent surveillance society. For a look at the program and other panel topics, see the Freedom 2.0 web site: http://epic04.org/schedule/index.htm ====================================================================== [2] Senator Leahy Receives EPIC Champion of Freedom Award ====================================================================== On May 20, 2004, EPIC honored Senator Patrick Leahy with the Champion of Freedom Award for his work to safeguard civil liberties, protect privacy, and promote open government. Senator Leahy, who hails from Burlington, Vermont, was elected in 1974 to the United States Senate at age 34 -- the youngest senator ever elected from his state. He remains the only Democrat elected to this office from Vermont and is now serving his fifth term. Sometimes referred to as the "cyber senator," Senator Leahy has for years actively promoted legislation associated with the Internet. He was one of the first members of Congress to go online and in 1995 became the second senator to post a homepage. His web site has been consistently lauded as one of the Senate's best. A leading Internet magazine has dubbed Senator Leahy the most "Net-friendly" member of Congress. Senator Leahy has taken the lead on many privacy issues, including Internet and medical records privacy. He held Congress' first hearing in 1994 on privacy issues related to electronic medical records. He is also a champion of open government and worked to update the Freedom of Information Act to ensure public access to government records in new electronic formats. In the immediate aftermath of the 9/11 terrorist attacks, Senator Leahy headed the Senate's negotiations on the anti-terrorism bill that became the USA PATRIOT Act. He added checks and balances to the proposed law to protect civil liberties, as well as provisions which he authored to triple staffing along the US-Canada border, to authorize domestic preparedness grants to states, and to facilitate the hiring of new Federal Bureau of Investigation translators. Senator Leahy's web site: http://leahy.senate.gov ====================================================================== [3] Italian Official Offers European Perspective on Privacy ====================================================================== Italian Privacy Commission official Giovanni Buttarelli delivered a keynote address entitled "Promoting Freedom and Democracy: a European perspective" at "Freedom 2.0: Distributed Democracy." First speaking about some of the differences between the U.S. and EU data protection regimes, Buttarelli explained that the right to data protection in the EU is becoming a statutory requirement, as several EU member states' laws as well as the European Charter of fundamental rights have made it an autonomous right and have committed its safeguard to autonomous and independent authorities, the privacy commissioners. He urged law enforcement authorities to pay greater attention than in the past to how huge databases have to be proportionate to the purposes police and security agencies seek them for, to limit the amount of data collected, the period of data retention, and to determine the entities that can access those data. Talking about hot privacy issues common to the EU and the U.S., Buttarelli argued for a public debate on the Cybercrime Convention now that ratification and transposition into national law are on the agenda of an increasing number of countries. The U.S. government signed the Convention two years ago and its ratification will soon be discussed in the Senate. In this regard, Buttarelli's main critique focused on the fact that signatory countries that do not belong to the Council of Europe (such as the United States) do not have to comply with stringent obligations resulting from international data protection instruments such as the 1981 Council of Europe Convention No. 108 on Privacy. Although contracting parties may make different choices at the national level when transposing the Convention, he said, they will nevertheless be bound to provide mutual assistance to foreign law enforcement authorities. Buttarelli then compared a pending decision by the Council of the EU on passenger screening with the recent EU-US passenger name records (PNR) that the U.S. Department of Homeland Security, the European Commission and the Council of the EU recently brokered. The European proposal better protects travellers' privacy interests, he explained, because it strictly limits the amount of passengers' records disclosed to customs authorities, restricts the collection and use to legitimate and relevant purposes (such as border control), and limits data retention periods to 24 hours. The PNR agreement was likened to a "stillborn child . . . imposed from above" because of a serious lack of institutional cooperation between the European authorities and the European Parliament -- the EU's only elected body. Buttarelli criticized the current agreement as trusting technology and databases to solve problems that require instead wholly different and broad-minded approaches, and made it clear that, while the agreement recognizes on one hand the importance of fundamental rights and freedoms, it does not provide concrete safeguards for these rights. Giovanni Buttarelli's speech is available at: http://www.epic.org/privacy/intl/buttarelli-052104.html For more information about the PNR agreement between the U.S. and EU, see EPIC's EU-US Airline Passenger Data Disclosure Page: http://www.epic.org/privacy/intl/passenger_data.html ====================================================================== [4] Vint Cerf Discusses Privacy and the Internet ====================================================================== Vint Cerf, Chairman of the Internet Corporation for Assigned Names and Numbers (ICANN), spoke recently at "Freedom 2.0: Distributed Democracy." Declan McCullagh, Washington Bureau Chief for News.com, interviewed Cerf, who also took questions from the audience. In his discussion of the future of the Internet, Cerf repeatedly stressed the importance of privacy protection in Internet policy implementation. He began by discussing the growing ICANN budget, since this year the California non-profit is proposing a $16 million budget, almost twice last year's figure. The growth of ICANN is especially notable as the role of the organization itself is constantly called into question. ICANN is increasingly threatened by both intergovernmental policy developments such as the United Nations Internet Governance Working Group (currently being established under the mandate of the World Summit on the Information Society) and by domestic lawsuits, such as one by VeriSign asserting a claim of antitrust violations (which was recently dismissed). Cerf stated the large budget increase was necessary as the issues and procedures the organization manages become more complex, such as the delegation of top-level domains. He stated that while ICANN is growing, the organization is extremely transparent and democratic, always making documents open to the public and available on the web site. Cerf challenged the audience to name a more open organization. A significant portion of Cerf's speech and the discussion period that followed addressed the WHOIS database, a public directory of domain registrant data available and searchable online. Currently, registrants must enter information as personal as name, address, telephone number, and e-mail address in addition to technical contact information, all of which can be found on the public WHOIS database online. Cerf acknowledged the privacy risks of the WHOIS database. Privacy experts warn that in addition to obstructing free speech rights, the availability of this information makes registrants vulnerable to those interested in spamming, committing identity theft, and even stalking. ICANN is currently in the middle of a Policy Development Process with three task forces assigned to create a policy on the WHOIS database. One concern in the policy development is that the WHOIS database may actually violate international data protection laws. At a recent ICANN meeting, a representative from the European Commission suggested that if the original purpose of the WHOIS database is purely technical, the rights of access to and collection of that information pertain solely to that original purpose. In his speech, Cerf confirmed directly that the original purpose of WHOIS was indeed purely technical. This means that under European law, technical users would be the only ones with a legitimate claim to the information. While intellectual property lawyers and law enforcement officials claim the WHOIS database must retain all its current data in its public form as a resource for their investigations, Cerf's confirmation that the WHOIS database was originally created for technical purposes makes it clear that such claims to the database would be inconsistent with its original purpose. Cerf also discussed the upgrade from Internet Protocol version 4 to Internet Protocol version 6, a change that will mean increasing the address space from 32 bits to 128 bits. While this change is positive and even necessary to accommodate additional IP addresses, there has been concern over privacy risks associated with IPv6. The concern is specific to Media Access Control (MAC) and the persistence of a unique MAC identifier. Cerf assured the audience that for IPv6, provisions have been made to enable users to change their MAC address and avoid a persistent unique MAC identifier. Cerf was asked about the application of the FBI's wiretap rules to new Internet services, such as Voice over Internet Protocol. He said at first that it seemed reasonable to apply rules to the Internet similar to those that had been applied to the telephone network, but he asked EPIC Executive Marc Rotenberg for his views. Rotenberg explained that there were two objections to the FBI proposal. First, he explained that when the legislation for the telephone network was considered in 1994, there was a principled objection from privacy experts that federal wiretap law had always regulated government conduct and should not be used to coerce private parties by, for example, requiring telephone companies to make their networks wiretap-friendly. He said that although Congress rejected this view when it passed the Communications Assistance for Law Enforcement Act, it is still the correct interpretation of the Fourth Amendment principles that underpin federal wiretap law. Rotenberg also explained that even though Congress accepted the FBI's argument in 1994 for wiretapping the telephone network, Congress also made clear that the law simply covered telephony and could not be applied prospectively to Internet-based services without further legislation. He described the current efforts of the FBI to push the proposal forward through the Federal Communications Commission as "incredibly ambitious and without legal basis." Cerf concluded the discussion by stating that privacy protection is critical in these areas. He feels this is particularly the case as the online population grows. Cerf commended EPIC for its work protecting the privacy of Internet users over the last 10 years. ICANN: http://www.icann.org For more information about Vint Cerf, see his web site: http://global.mci.com/us/enterprise/insight/cerfs_up For more information about Internet governance, see The Public Voice web site: http://www.thepublicvoice.org ====================================================================== [5] Oversight Groups Issue Reports on Government Data Mining ====================================================================== Two government oversight entities have released reports on the government's use of technology to examine personal information about people to detect suspicious activity, also known as data mining. The General Accounting Office recently issued a survey of data mining projects throughout the government, concluding that data mining activity is expansive. The report found that 52 of the 128 federal agencies currently engage or plan to engage in data mining. Further, of the nearly 200 data mining projects are either underway or planned throughout the federal government, 122 involve the use of personal information, and 46 involve the sharing of personal information among agencies. The report also found that 54 projects utilize personal information provided by privacy companies, 36 of which involved personal information such as credit reports and credit card transactions. Senator Daniel Akaka, the Congressman who requested the study, urged in response to the report, "It is time that we review agency practices and existing law to ensure that the privacy rights of individuals are not violated through the development of new technology." A second report on government data mining was recently released by the Technology and Privacy Advisory Committee, which was established to review Defense Department data mining initiatives after Congress killed funding for the Total Information Awareness program last year. The Committee found that "data mining is a vital tool in the fight against terrorism, but when used in connection with personal data concerning U.S. persons, data mining can present significant privacy issues." Accordingly, the Committee made several recommendations to safeguard civil liberties in Department of Defense data mining programs, such as the establishment of a regulatory framework to govern data mining involving information of U.S. persons and numerous oversight mechanisms. Notably, the Committee also suggested a series of government-wide protections for individuals, such as the passage of laws to protect civil liberties when the government sifts through computer databases containing personal information. The Committee further proposed that federal agencies be required to obtain authorization from a special federal court "before engaging in data mining with personally identifiable information concerning U.S. persons." The General Accounting Office, "Data Mining: Federal Efforts Cover a Wide Range of Uses": http://www.epic.org/privacy/profiling/gao_dm_rpt.pdf The Technology and Privacy Advisory Committee, "Safeguarding Privacy in the Fight Against Terrorism": http://www.epic.org/privacy/profiling/tia/tapac_report.pdf The Technology and Privacy Advisory Committee web site: http://www.sainc.com/tapac/index.asp For more information about the Total Information Awareness program, see EPIC's Total Information Awareness Page: http://www.epic.org/privacy/profiling/tia ===================================================================== [6] News in Brief ====================================================================== COALITION URGES RESTRICTED USE OF MEDICAL DATA IN CREDIT DECISIONS On May 24, 2004, EPIC joined a coalition of privacy advocacy organizations to file comments with five federal agencies which issued a proposed regulation under the Fair and Accurate Credit Transactions Act. The Act, an amendment to the Fair Credit Reporting Act, creates new restrictions on the manner in which creditors, such as banks and credit unions, can obtain and use medical information. Generally, the Act prohibits creditors from obtaining or using medical information about a consumer to determine whether the consumer is eligible for credit. The Act also defines fairly narrow exceptions under which creditors may obtain and use medical information. The coalition supported the regulation's general prohibition on creditors obtaining or using medical information about a consumer in connection with deciding whether the consumer is eligible for credit. The comments urged that financial institutions not be permitted to routinely request consent to obtain medical information and that affiliate sharing be limited. The text of the coalition comments is available at: http://www.epic.org/privacy/medical/facta_comments.pdf For more information about privacy of medical information, see EPIC's Medical Privacy Page: http://www.epic.org/privacy/medical For more information about the Fair Credit Reporting Act, see EPIC's FCRA Page: http://www.epic.org/privacy/fcra ICELAND'S SUPREME COURT STRIKES DOWN HEALTH DATABASE ACT In a landmark decision, Iceland's Supreme Court has ruled that the Health Database Act of 1998 does not comply with the country's constitutional privacy protections. The Act authorized the creation and operation of a centralized database of non-personally identifiable health data, with the aim of increasing knowledge and improving health and health services. The Act was challenged in court by Ragnhildur Gudmundsdottir, who wanted to prevent the transfer of her deceased father's medical records into the database. The Court ruled that Ms. Gudmundsdottir could not opt out of the database on behalf of her father. However, she could prevent the transfer of the records because it is possible to infer information about her from the information related to her father's hereditary characteristics. The Court further ruled that removing or encrypting personal identifiers such as name and address is not sufficient to prevent identification of individuals, who might be identified from a combination of factors such as age, municipality of residence, marital status, education and profession, combined with the specification of a particular medical condition. The Court ruled that the obligation to protect privacy, imposed on the legislature by the Icelandic constitution, could not be replaced by various forms of monitoring entrusted to public agencies and committees. The opinion is available at: http://www.epic.org/privacy/genetic/iceland_opinion.pdf For more information about genetic databanks, see EPIC's Genetic Privacy Page: http://www.epic.org/privacy/genetic SUPREME COURT REFUSES TO HEAR PRIVACY ACT CASES The United States Supreme Court has decided not to review two cases that held that federal agencies' release of personal information did not violate the Privacy Act. In the first case, Robinett v. State Farm Mutual Automobile Insurance Company, the Fifth Circuit Court of Appeals determined that the Department of Veteran Affairs had not "intentionally and willfully, and with flagrant disregard" released Jerry L. Robinett's court-ordered medical records such that he could maintain a lawsuit under the Privacy Act. The Supreme Court also declined to review Buckley v. Meis, a case in which the Ninth Circuit Court of Appeals rejected a claim that a supervisor's intra-agency disclosure that an employee sought assistance from an employee assistance program violated the Privacy Act. The Ninth Circuit concluded that that the agency properly cited an exception to the Privacy Act providing for disclosure to "officers and employees of the agency which maintains the record who have need for the record in the performance of their duties." The Supreme Court's web site: http://www.supremecourtus.gov GMAIL BILL PASSES CA SENATE, PROCEEDS TO ASSEMBLY A weakened version of SB 1822, a bill that originally required consent of both senders and recipients before a company could scan the contents of an e-mail for marketing purposes, passed the California Senate by a 25-8 vote this week. The bill, introduced by Senator Liz Figueroa (D-Fremont), will allow service providers to review e-mail for automated, contemporaneous display of advertisements. Providers cannot retain any personal information derived from the e-mail or allow natural persons to view the messages. The bill also requires providers to delete messages permanently so that they are irretrievable. The text of SB 1822 is available at: http://www.epic.org/redirect/gmail_bill.html TELEMARKETERS APPEAL DO-NOT-CALL DECISION The American Teleservices Association, a trade group representing telemarketers, has petitioned the Supreme Court to review the decision of the 10th Circuit Court of Appeals that upheld the constitutionality of the telemarketing Do-Not-Call Registry (see EPIC Alert 11.04). The Association argues in its petition that commercial speech has increasingly been regulated impermissibly in the name of privacy protection. The government must reply to the petition by June 17, 2004. In recent years, direct marketers and data brokers have appealed many pro-privacy court decisions to the Supreme Court, but none has been granted review. The high court was petitioned unsuccessfully in Moser v. FCC, a case upholding the opt-in provisions of the Telephone Consumer Protection Act; in Trans Union v. FTC, a case upholding the Fair Credit Reporting Act; in Nixon v. American Blast Fax, a case upholding a flat ban on unsolicited fax spam; and in Anderson v. Treadwell, a challenge to a New York "anti-blockbusting" law that allowed homeowners to opt-out of solicitations designed to churn the housing market by highlighting racial influx in the neighborhood. American Teleservices Association Petition on the Do-Not-Call Registry Case: http://www.ataconnect.org/documents/PetitionforWrit.pdf Supreme Court Docket in Mainstream Marketing Services, Inc. v. FTC: http://www.supremecourtus.gov/docket/03-1552.htm AMNESTY INTERNATIONAL RELEASES 2004 ANNUAL REPORT Amnesty International has released a 339-page annual report providing data on human rights violations carried out by governments in 2003 in 155 countries. The 2004 release includes an analysis of the activity of more than 175 armed groups over the previous four years, and denounces them, as well as governments, for unleashing weapons of terror -- direct and indiscriminate attacks and torture -- on civilian populations worlwide. Governments are criticized for committing many of the same violations armed groups employed and for justifying their response as initiatives in the "war on terror." The report is available at: http://web.amnesty.org/report2004/index-eng ====================================================================== [7] EPIC Bookstore: The Public Voice WSIS Sourcebook ====================================================================== The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society (EPIC 2004). http://www.epic.org/bookstore/pvsourcebook The Public Voice WSIS Sourcebook has been compiled to further a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). Beginning in 2003 and continuing through 2005, the UN WSIS will seek the views of national governments, private sector organizations and civil society, on the opportunities presented by information and communications technologies. This publication is intended to promote understanding of the WSIS and encourage greater civil society participation in the current phase of the Summit. The WSIS Sourcebook includes the official UN documents, regional and issue-oriented perspectives, as well as recommendations and proposals for future action. The Public Voice WSIS Sourcebook also provides a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. The Public Voice (www.thepublicvoice.org) is a project of the Electronic Privacy Information Center (EPIC), established to promote public participation in policy making on issues ranging from privacy and free expression to consumer protection and Internet governance. ================================ EPIC Publications: "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, as well as recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2003: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price: $40. http://www.epic.org/bookstore/pls2003 The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002 This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2003: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $35. http://www.epic.org/bookstore/phr2003 This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty-five countries around the world. The survey examines a wide range of privacy issues including data protection, passenger profiling, genetic databases, video surveillance, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/bookstore/crypto00& EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ====================================================================== [8] Upcoming Conferences and Events ====================================================================== RSA Conference 2004. RSA Security. May 31-June 1, 2004. Tokyo, Japan. For more information: http://www.medialive.jp/events/rsa2004/eng/default.html. Fifth Annual Institute on Privacy Law: New Developments & Compliance Issues in a Security-Conscious World. Practising Law Institute. June 7-8, 2004. San Francisco, CA. For more information: http://www.pli.edu. TRUSTe Symposium: Privacy Futures. June 9-11, 2004. International Association of Privacy Professionals. San Francisco, CA. For more information: http://www.privacyfutures.org. The Policy Implications of Open Source Software. Forum on Technology & Innovation. June 10, 2004. Washington, DC. For more information: http://www.tech-forum.org. Access & Privacy Conference 2004: Sorting It Out. Government Studies, Faculty of Extension. June 10-11, 2004. University of Alberta. Edmonton, Alberta, Canada. For more information: http://www.govsource.net/programs/iapp/conference/main.nclk. 13th Annual CTCNet Conference: Building Connected Communities: The Power of People & Technology. June 11-13, 2004. Seattle, WA. For more information: http://www2.ctcnet.org/conf/2004/session.asp. Knowledge Held Hostage? Scholarly Versus Corporate Rights in the Digital Age. Annenberg Public Policy Center and Rice University in association with Public Knowledge and the Center for Public Domain. June 18, 2004. Philadelphia, PA. For more information: http://www.knowledgehostage.org. Fifth Annual Institute on Privacy Law: New Developments & Compliance Issues in a Security-Conscious World. Practising Law Institute. June 21-22, 2004. New York, NY. For more information: http://www.pli.edu. Managing the Privacy Revolution 2004: New Challenges, New Strategies, New Dangers. Privacy & American Business. June 22-24, 2003. Washington, DC. E-mail info at pandab.org. PORTIA Workshop on Sensitive Data in Medical, Financial, and Content-Distribution Systems. PORTIA Project. July 8-9, 2004. Stanford, CA. For more information: http://crypto.stanford.edu/portia/workshop.html. O'Reilly Open Source Convention. July 26-30, 2004. Portland, OR. For more information: http://conferences.oreilly.com/oscon. First Conference on Email and Anti-Spam. American Association for Artificial Intelligence and IEEE Technical Committee on Security and Privacy. July 30-31, 2004. Mountain View, CA. For more information: http://www.ceas.cc. Crypto 2004: The Twenty-Fourth Annual IACR Crypto Conference. International Association for Cryptologic Research, IEEE Computer Society Technical Committee on Security and Privacy, and the Computer Science Department of the University of California, Santa Barbara. Santa Barbara, CA. August 15-19, 2004. For more information: http://www.iacr.org/conferences/crypto2004. The Right to Personal Data Protection -- the Right to Dignity. 26th International Conference on Data Protection and Privacy Commissioners. September 14-16, 2004. Wroclaw, Poland. For more information: http://www.giodo.gov.pl/252/j/en. 2004 Telecommunications Policy Research Conference. National Center for Technology & Law, George Mason University School of Law. October 1-3, 2004. Arlington, VA. For more information: http://www.tprc.org/TPRC04/call04.htm. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via Web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 11.10 ---------------------- .