======================================================================= E P I C A l e r t ======================================================================= Volume 11.11 June 10, 2004 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_11.11.html ====================================================================== Table of Contents ====================================================================== [1] EPIC Sues Agencies for Passenger Data Disclosure Info [2] DHS and EU Council Reach Agreement on Airline Passenger Data [3] House Committee Suspends US-VISIT Contract [4] Business Coalition Seeks Change to Junk Fax Regulations [5] ICANN Calls for Comments on WHOIS Process [6] News in Brief [7] EPIC Bookstore: Credit Scores & Credit Reports [8] Upcoming Conferences and Events ====================================================================== [1] EPIC Sues Agencies for Passenger Data Disclosure Info ====================================================================== EPIC filed suit in federal district court yesterday seeking the release of Transportation Security Administration and Department of Justice records concerning the efforts of the agencies to collect airline passenger data from major commercial airlines. The lawsuit challenges the agencies' failure and refusal to expedite the processing of EPIC's Freedom of Information Act (FOIA) requests for the material. The suit stems from four FOIA requests asking the agencies for information about their roles in acquiring passenger data from JetBlue Airways, Northwest Airlines, American Airlines and others. In the past eight months, EPIC has submitted three requests to the Transportation Security Administration for information about its role in JetBlue's disclosure of passenger data to a defense contractor and American's disclosure of passenger data to Transportation Security Administration contractors. The agency has granted expedited processing for all of the requests, but has failed to release the information within twenty days, as required by law. Further, EPIC submitted a FOIA request to the FBI last month asking for information about its collection of a year's worth of passenger information from numerous airlines after 9/11, and requested expedited processing as provided under the FOIA and Department of Justice regulations. The Bureau refused to expedite on the grounds that "the primary activity of EPIC does not appear to be information dissemination," despite the fact that two federal judges have determined otherwise. The FBI also justified its denial by stating that EPIC had not "demonstrated any particular urgency to inform the pubic about the subject matter of [its] request beyond the public's right to know generally." EPIC is seeking a preliminary injunction requiring the Department of Justice, the FBI's parent agency, to process EPIC's request and release the documents as soon as possible. In support of its entitlement to expedited processing, EPIC noted substantial media interest in the FBI's acquisition of passenger information and pointed out that Congress has shown increasing concern about government collection of such data. EPIC also noted that other agencies have granted expedited processing for similar requests, acknowledging that this is a matter about which there is an urgency to inform the public. EPIC's complaint is available at: http://www.epic.org/privacy/airtravelfoia/complaint.pdf EPIC's motion for a preliminary injunction is available at: http://www.epic.org/privacy/airtravelfoia/pi_motion.pdf For more information about passenger data disclosures, see EPIC's Northwest Disclosure Page: http://www.epic.org/privacy/airtravel/nasa ====================================================================== [2] DHS and EU Council Reach Agreement on Airline Passenger Data ====================================================================== On May 28, United States and European Union officials signed an agreement providing for a legal framework to govern the disclosure of European airline passenger data to the Department of Homeland Security's Bureau of Customs and Border Protection. The bilateral agreement centers on the Customs Bureau's use of passenger name record (PNR) data from airline reservation systems. Thirty-four data fields have been specified for disclosure to the U.S. government, including name, dates of travel, phone numbers, emails, credit card numbers, car rental information, hotel reservation details, and contact persons in the U.S., with data to be kept for not more than three and a half years. The agreement restricts use of the data to combating terrorism and "other serious crimes" that are transnational in nature. The data may also be used to test the Transportation Security Administration's controversial second generation Computer Assisted Passenger Prescreening System (CAPPS II) once the system is authorized to test using domestic data. The Customs Bureau also promises certain privacy protections, including restrictions on use of the data by other U.S. agencies. The agreement is the result of more than a year and a half of negotiations between the EU and the U.S. Since March 2003, EU airlines have provided PNR data to the Customs Bureau to comply with U.S. regulations. However, these data transfers likely violate European data protection laws, mainly because they do not provide passengers with a judicially enforceable right to access their personal data and do not ensure truly independent redress, compensation and appeal mechanisms in case of governmental abuse and infringement of passengers' rights. EU member states had agreed not to enforce their national laws pending an adequacy finding by the European Commission that personal data transferred to the Customs Bureau would receive sufficient protection. One main purpose of the new agreement was to resolve this conflict. European Commission officials defend the agreement, arguing that it formalizes privacy protections for PNR data and reflects negotiated concessions limiting the scope and use of such information. They contend that the alternative would have included fewer concessions to data use and greater legal and practical uncertainty about the ongoing data transfers. However, the European Parliament, Article 29 Data Protection Working Party, data protection authorities around the world and privacy experts have expressed deep reservations about the agreement and its effects on Europeans' privacy rights, voting against its approval even though the European Commission considered such disapproval not binding in this case. The European Court of Justice could still invalidate the agreement if requested by the Parliament to review the compatibility of the agreement with the Treaty of the EU and to determine whether the Parliament should have had veto power. The European Commission's adequacy decision, including the U.S. government's Undertakings and the list of 34 PNR data fields to be disclosed to U.S. authorities: http://www.epic.org/redirect/ec_adequacy.html The decision of the Council of the European Union to conclude an agreement with the Department of Homeland Security: http://europa.eu.int/eur-lex/en/com/pdf/2004/com2004_0190en01.pdf The European Parliament's resolution disapproving the agreement: http://www.epic.org/redirect/ep_resolution.html For more information about passenger data sharing, see EPIC's EU-U.S. Airline Passenger Data Disclosure page: http://www.epic.org/privacy/intl/passenger_data.html ====================================================================== [3] House Committee Suspends US-VISIT Contract ====================================================================== The House Appropriations Committee has moved to suspend the Department of Homeland Security's contract with Accenture, a non-U.S. based corporation, for development of the United States Visitor and Immigrant Status Indicator Technology (US-VISIT). The Department last week awarded the company a contract worth up to $10 billion for the expansion of the controversial border security program, which uses photographs and biometrics to track foreign visitors to, from and within the U.S. US-VISIT has already processed more than four million people at the country's busiest air and sea ports, and Department of Homeland Security officials claim to have apprehended over 500 suspected criminals and illegal aliens through the program. US-VISIT has yet to assist in the apprehension of a single suspected or known terrorist. The bid process for the US-VISIT contract was deemed unusual because the government left it to bidders to envision an ideal process for tracking visitors traveling to and from the U.S. Accenture's proposal entailed the creation of "virtual folders" for each visitor that would store visa application information, biometric information, entry and exit dates, and the purpose of the visit. Additional information would be included for student visa holders. Acknowledging that US-VISIT enables the unprecedented integration and sharing of individual information among various agency databases, Accenture also created a position for a chief privacy officer. Indeed, privacy threats posed by the program remain paramount. In February, EPIC urged the Department of Homeland Security to define how Privacy Act obligations affect the program, to consider the significance of international privacy standards in the collection and use of personal information on non-U.S. citizens, and to prohibit the expansion of US-VISIT uses beyond the program's defined mission. These issues remain unresolved. Department of Homeland Security press release on the US-VISIT contract: http://www.epic.org/redirect/dhs_pr.html EPIC comments on US-VISIT: http://www.epic.org/privacy/us-visit/us-visit_comments.pdf For more information about US-VISIT, see EPIC's US-VISIT Page: http://www.epic.org/privacy/us-visit ====================================================================== [4] Business Coalition Seeks Change to Junk Fax Regulations ====================================================================== A massive coalition of business groups is attempting to pass legislation that would weaken protections against unsolicited commercial faxes, also known as "junk faxes." Since the passage of the Telephone Consumer Protection Act of 1991 (TCPA), it has been illegal to send a junk fax without obtaining prior affirmative consent from the recipient. Nevertheless, some junk fax "broadcasters" and others continue to send the messages, transferring the cost of paper and ink to the recipient. As a result of continuing problems with fax broadcasters, and in particular Fax.com, the Federal Communications Commission tightened restrictions on junk faxes last year. The regulations, which do not take effect until 2005, require junk faxers to obtain written consent from recipients prior to sending the messages. Having written evidence of consent is important in enforcement of the regulation, as junk faxers frequently defend their activities by claiming that the recipient opted in to the transmission. Without written consent, the dispute can dissolve into a "he said, she said" situation where the junk faxer will claim that a former owner of the phone number, a family member, or someone else with access to the number provided consent to the unwanted transmissions. The Commission also modified the "existing business relationship" exemption, limiting the time that solicitations could be sent to eighteen months after a purchase or transaction, and three months after a customer makes an inquiry to a business. This limit in time is necessary, as some junk faxers send new messages every day, and the old rule would allow them to continue to do so for perpetuity. The business groups are attempting to eliminate both the requirement for written consent and the time limits associated with the existing business relationship exemption. The bill may also contain provisions allowing non-profit organizations to send junk faxes, and some are lobbying to remove the private right of action and damages provisions from the TCPA. A hearing on the issue will be held Tuesday in the House Energy and Commerce Committee, where legislation effecting the business group's desires has support from both parties. Hearing on junk faxes: http://www.epic.org/redirect/jf_hearing.html For more information about junk faxes, see EPIC's Telemarketing Page: http://www.epic.org/privacy/telemarketing ====================================================================== [5] ICANN Calls for Comments on WHOIS Process ====================================================================== The Internet Corporation for Assigned Names and Numbers (ICANN) has requested public comment on access, data, and accuracy in the WHOIS process. The WHOIS database is a public directory of domain registrant data available and searchable online. Currently, registrants must enter information as personal as name, address, telephone number, and e-mail address in addition to technical contact information, all of which can be found on the public WHOIS database. Last year ICANN established three task forces to develop policy for the WHOIS database. The task forces' preliminary reports, which focus on access, data, and accuracy, were recently released to the public. ICANN now requests public comments on each of the reports. The comment period lasts only from May 28 to June 17, 2004. The Non-Commercial Users Constituency of ICANN strongly encourages the general public, NGOs, non-commercial communities and interested parties to submit comments on each report. The outcome of the WHOIS Policy Development Process will have a significant impact on privacy, civil liberties, and freedom of expression for Internet users. The WHOIS database broadly exposes domain registrants' personal data to a global audience, including criminals and spammers. The Non-Commercial Users Constituency has urged ICANN to limit the use and scope of the WHOIS database to its original purpose, which is the resolution of technical network issues, and to establish strong privacy protections based on internationally accepted privacy standards. This limitation would entail restricting access to the data, minimizing data required, and not penalizing registrants for protecting their personal information by entering an inaccurate home address or telephone number. The Public Voice web site provides detailed information on WHOIS policy development and the comment process. For each of the three task forces, there are links to the preliminary report and the e-mail address for comment submission. There are also position statements by the Non-Commercial Users Constituency, which may be useful in helping to understand the key issues. For more information about WHOIS policy development, see The Public Voice web site: http://www.thepublicvoice.org/news/2004_whoiscomments.html View the task forces' preliminary reports at: http://www.icann.org Submit comments on the preliminary reports at: http://www.thepublicvoice.org/take_action/default.html ===================================================================== [6] News in Brief ====================================================================== CA ATTORNEY GENERAL ACKNOWLEDGES EPIC GMAIL LETTER California Attorney General Bill Lockyer has acknowledged a letter sent by EPIC, Privacy Rights Clearinghouse, and the World Privacy Forum alleging that Google's e-mail scanning Gmail service violates California's strict wiretapping laws. Lockyer wrote: "The potential exposure of Gmail users to liability for violation of Penal Code section 631 is of particular concern, as are the rights of those who are not subscribers to Gmail but who send e-mail to those who are." Lockyer advised that his office will continue to analyze Gmail and that "I understand your position and share many of your concerns." Attorney General Lockyer acknowledgement: http://www.epic.org/privacy/gmail/caagack.pdf Letter to Attorney General Lockyer concerning Gmail: http://www.epic.org/privacy/gmail/agltr5.3.04.html FBI FINGERPRINT ERROR IDENTIFIES INNOCENT MAN AS TERRORIST A federal court recently threw out the government's case against Brandon Mayfield, an American lawyer in Oregon who had been linked by fingerprint identification to the deadly train bombings Madrid, Spain, in March. The court said the FBI had misidentified fingerprints found on a bag of detonators near the train station in Madrid as belonging to Mayfield, though Spanish polive have subsequently matched the prints to an Algerian fugitive. Mayfield was arrested on May 6 as a material witness in the bombings and detained for two weeks. Soon after the court dismissed the case, the FBI offered a rare apology for mistakenly identifying him in connection with the terrorist attack. The error seems to have come initially from the FBI's supercomputer for matching fingerprints and then from the FBI's own analysts. A 37-year-old convert to Islam, Mayfield sharply criticized the government, saying he was targeted because of his faith and calling his time behind bars "humiliating" and "embarrassing." For information about inaccuracies in the FBI's criminal justice database, see EPIC's Joint Letter to Require Accuracy for the National Crime Information Center: http://www.epic.org/privacy/ncic ARTISTS SUBPOENAED IN USA PATRIOT ACT CASE The FBI has served seven artists with subpoenas under the USA PATRIOT Act to appear before a federal grand jury on June 15, 2004. The jury is expected to consider bioterrorism charges against Steven Kurtz, an art professor at the University of Buffalo. Kurtz and two other subpoenaed artists are members of the artists' collective known as Critical Art Ensemble. The collective has used scientific equipment since 1987 to produce art projects related to biotechnology. Kurtz's 2002 exhibit entitled "Molecular Invasion" was a statement against genetically modified crops. According to the subpoenas, the FBI is seeking charges under Section 175 of the US Biological Weapons Anti-Terrorism Act of 1989, which has been expanded by Section 817 of the USA PATRIOT Act. As modified, this law prohibits the possession of "any biological agent, toxin, or delivery system of a type or in a quantity that, under the circumstances, is not reasonably justified by a prophylactic, protective, bona fide research, or other peaceful purpose." Critical Art Ensemble Defense Fund: http://www.caedefensefund.org For more information about The USA PATRIOT Act, see EPIC's USA PATRIOT Act Page: http://www.epic.org/privacy/terrorism/usapatriot CA PUBLIC UTILITY COMMISSION PASSES BILL OF RIGHTS The California Public Utility Commission last week adopted a "Telecommunications Bill of Rights," a set of regulations under development for over three years. Wireless customers benefit from the new rules, which include mandatory notice about rate increases and Internet posting of current tariffs. Previous versions of the rules drafted under the former Public Utility Commissioner required wireless providers to obtain express consent, or "opt-in" consent, before using or selling Customer Proprietary Network Information (CPNI) data about calls made and received. The ruling states that such privacy rules will be revisited but provides no time frame. The wireless telephone industry is expected to vigorously oppose implementation of the new regulations. The ruling is available at: http://www.cpuc.ca.gov/word_pdf/AGENDA_DECISION/36892.pdf For more information about Customer Proprietary Network Information, see EPIC's CPNI Page: http://www.epic.org/privacy/cpni GAO REPORTS ON P2P PIRACY AT COLLEGES AND UNIVERSITIES A May 2004 General Accounting Office report surveying an unrepresentative sample of thirteen colleges and universities across the nation has concluded that most schools feel they are up to the task of combatting copyright piracy on their computer networks. All schools surveyed indicated that they have suffered negative effects of peer-to-peer piracy ranging from network shutdowns to expending additional funds on system management. In response to these problems, the institutions have taken various steps such as conducting awareness programs, limiting file downloads, and warning or banning infringing network users. While the report presents no concrete data on how effective these approaches are in reducing piracy, it does note that the institutions surveyed have some confidence in the efficacy of their countersteps. But many of the solutions the universities have placed their confidence in raise privacy concerns. Measures such as sanctioning users of certain file-sharing applications necessarily involve individual identification of network users. All of the surveyed universities indicated that they have this ability and had used it in the academic year preceding the study (2002-2003). Five universities indicated that they could always track down an individual user accused of copyright violation, while seven stated that individual identifications could be made most of the time. Future stepped-up anti-piracy measures might increase the incidence of such individual identifications. This is especially troubling if there are no safeguards to protect the privacy of network users, essentially opening them up to the discovery of who is listening to, or watching, what, long before it is legally established that they have violated a copyright. The report is available at: http://www.gao.gov/new.items/d04503.pdf ====================================================================== [7] EPIC Bookstore: Credit Scores & Credit Reports ====================================================================== Credit Scores & Credit Reports: How The System Really Works, What You Can Do, by Evan Hendricks (2004). http://www.creditscoresandcreditreports.com Evan Hendricks, Fair Credit Reporting Act expert and veteran editor of the Privacy Times newsletter, has published an authoritative and approachable guide to credit scores and credit reporting. He argues that "the worse your credit score, the more you pay for mortgages, loans, credit cards, and insurance. Conversely, the better your credit score, the more favorable terms you will get on interest rates and premiums." Thus, it is increasingly important that individuals understand their credit scores and the reports from which they are derived. Hendricks explains in detail how the score is computed, the factors involved, and specific actions that affect the score. Hendricks' book gives an excellent overview of a range of existing and emerging credit reporting issues, including account review, the "reinvestigation" process, how to dispute errors on the report, the problem of mixed files, identity theft, how to protect your privacy by opting out of prescreening, the potential for credit scoring having a disparate and unjustified impact against minorities and the poor, and the increasing use of credit scores in automobile insurance. If you advise clients on credit issues or are attempting to rebuild your credit, Hendricks' book should be on your shelf -- right next to your subscription to Privacy Times. -Chris Jay Hoofnagle ================================ EPIC Publications: "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, as well as recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2003: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price: $40. http://www.epic.org/bookstore/pls2003 The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002 This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2003: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $35. http://www.epic.org/bookstore/phr2003 This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty-five countries around the world. The survey examines a wide range of privacy issues including data protection, passenger profiling, genetic databases, video surveillance, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/bookstore/crypto00& EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ====================================================================== [8] Upcoming Conferences and Events ====================================================================== TRUSTe Symposium: Privacy Futures. June 9-11, 2004. International Association of Privacy Professionals. San Francisco, CA. For more information: http://www.privacyfutures.org. The Policy Implications of Open Source Software. Forum on Technology & Innovation. June 10, 2004. Washington, DC. For more information: http://www.tech-forum.org. Access & Privacy Conference 2004: Sorting It Out. Government Studies, Faculty of Extension. June 10-11, 2004. University of Alberta. Edmonton, Alberta, Canada. For more information: http://www.govsource.net/programs/iapp/conference/main.nclk. 13th Annual CTCNet Conference: Building Connected Communities: The Power of People & Technology. June 11-13, 2004. Seattle, WA. For more information: http://www2.ctcnet.org/conf/2004/session.asp. Homeland Security and Civil Liberties. The United States Army War College with the University of Pennsylvania School of Law. June 18, 2004. Philadelphia, PA. For more information: http://www.epic.org/redirect/penn_conf.html. Knowledge Held Hostage? Scholarly Versus Corporate Rights in the Digital Age. Annenberg Public Policy Center and Rice University in association with Public Knowledge and the Center for Public Domain. June 18, 2004. Philadelphia, PA. For more information: http://www.knowledgehostage.org. Fifth Annual Institute on Privacy Law: New Developments & Compliance Issues in a Security-Conscious World. Practising Law Institute. June 21-22, 2004. New York, NY. For more information: http://www.pli.edu. Managing the Privacy Revolution 2004: New Challenges, New Strategies, New Dangers. Privacy & American Business. June 22-24, 2003. Washington, DC. E-mail info at pandab.org. ITU WSIS Thematic Meeting on Countering Spam. International Telecommunication Union and the World Summit on the Information Society. July 7-9, 2004. Geneva, Switzerland. For more information: http://www.itu.int/osg/spu/spam/meeting7-9-04/index.html. PORTIA Workshop on Sensitive Data in Medical, Financial, and Content-Distribution Systems. PORTIA Project. July 8-9, 2004. Stanford, CA. For more information: http://crypto.stanford.edu/portia/workshop.html. O'Reilly Open Source Convention. July 26-30, 2004. Portland, OR. For more information: http://conferences.oreilly.com/oscon. First Conference on Email and Anti-Spam. American Association for Artificial Intelligence and IEEE Technical Committee on Security and Privacy. July 30-31, 2004. Mountain View, CA. For more information: http://www.ceas.cc. Crypto 2004: The Twenty-Fourth Annual IACR Crypto Conference. International Association for Cryptologic Research, IEEE Computer Society Technical Committee on Security and Privacy, and the Computer Science Department of the University of California, Santa Barbara. Santa Barbara, CA. August 15-19, 2004. For more information: http://www.iacr.org/conferences/crypto2004. The Right to Personal Data Protection -- the Right to Dignity. 26th International Conference on Data Protection and Privacy Commissioners. September 14-16, 2004. Wroclaw, Poland. For more information: http://26konferencja.giodo.gov.pl/. 2004 Telecommunications Policy Research Conference. National Center for Technology & Law, George Mason University School of Law. October 1-3, 2004. Arlington, VA. For more information: http://www.tprc.org/TPRC04/call04.htm. Privacy and Security: Seeking the Middle Path. Office of the Information & Privacy Commissioner of Ontario; Centre for Innovation Law and Policy, University of Toronto; and Center for Applied Cryptographic Research, University of Waterloo. Toronto, Ontario, Canada. October 28-29, 2004. For more information: http://www.epic.org/redirect/uwaterloo_conf.html. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via Web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 11.11 ---------------------- .