======================================================================= E P I C A l e r t ======================================================================= Volume 11.14 July 22, 2004 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_11.14.html ====================================================================== Table of Contents ====================================================================== [1] Ridge Declares CAPPS II Dead; Questions Remain [2] 9/11 Commission Releases Final Report [3] EPIC Testifies in Favor of RFID Privacy [4] Appeals Court Urged to Reverse Ruling on PATRIOT Records [5] EPIC Files Suit for Defense Data Mining Records [6] News in Brief [7] EPIC Bookstore: Privacy in the 21st Century [8] Upcoming Conferences and Events ====================================================================== [1] Ridge Declares CAPPS II Dead; Questions Remain ====================================================================== Department of Homeland Security Secretary Tom Ridge recently indicated that the controversial second generation Computer Assisted Passenger Prescreening System, more commonly known as CAPPS II, has been discontinued. Asked by a reporter whether the program could be considered dead, Ridge mimed driving a stake through its heart and said, "yes." David Stone, acting administrator of the Transportation Security Administration (TSA), days earlier had stated that the agency would not move forward with CAPPS II as originally envisioned, but would be "reshaping and repackaging" the system. Stone acknowledged that CAPPS II's intrusion upon personal privacy contributed to his agency's decision to rework the program. CAPPS II would have relied upon private-sector database companies to identify passengers and perform risk assessments using government databases. Each passenger would have been assigned a risk score that might subject him to heightened security screening or detention. The system would have scanned not only for suspected terrorists, but also for individuals wanted for violent crimes. The government spent more than $100 million to develop the program before its discontinuation. Last year, Congress voted not to provide funding for CAPPS II'S implementation until the General Accounting Office, Congress' investigative arm, could certify that lingering worries about the program had been allayed. The GAO's subsequent report concluded that TSA had failed to address fully seven of eight implementation and operational concerns, including the accuracy of the data relied on by the system; abuse prevention; overall privacy concerns; and the redress process for people erroneously labeled as a threats or targeted for additional scrutiny. Questions remain about TSA's plans for passenger prescreening in the wake of CAPPS II's demise. Ridge indicated a new program with a different name would likely be developed to take the system's place. The General Accounting Office report on CAPPS II: http://www.epic.org/privacy/airtravel/gao-capps-rpt.pdf For more information about CAPPS II, see EPIC's Passenger Profiling page: http://www.epic.org/privacy/airtravel/profiling ====================================================================== [2] 9/11 Commission Releases Final Report ====================================================================== Today the National Commission on Terrorist Attacks Upon the United States, also known as the 9/11 Commission, released its final report on the circumstances surrounding the 9/11 terrorist attacks and provided recommendations to guard against future attacks. "Since the [September 11] plotters were flexible and resourceful, we cannot know whether any single step or series of steps would have defeated them," the unanimous ten-member panel concluded in its executive summary. "What we can say with confidence is that none of the measures adopted by the U.S. government from 1998 to 2001 disturbed or even delayed the progress of the al Qaeda plot. Across the government, there were failures of imagination, policy, capabilities and management." The Commission's 567-page report recommends a major restructuring in the U.S. national security framework, including an executive-level intelligence director to oversee the activities of the CIA, the FBI, and other intelligence agencies. The report also details as many as ten missed opportunities by both the Bush and Clinton administrations to thwart the terrorist hijackings, but stops short of concluding that the attacks could have been prevented. The report also calls for strengthening the ability of the House and Senate intelligence committees to perform their oversight work. The Commission's report recommends that Congress give priority attention to improving the ability of screening checkpoints to detect explosives on passengers. EPIC supports the recommendation to target individuals who may be carrying materials that threaten the safety of airline travel rather than utilizing broad-sweeping profiling or data mining programs. The Commission's report also asserts that responsibility lies with the executive branch to justify the continued use of the USA PATRIOT Act's authorities. The report states, "The burden of proof for retaining a particular governmental power should be on the executive, to explain (a) that the power actually materially enhances security and (b) that there is adequate supervision of the executive's use of the powers to ensure protection of civil liberties. If the power is granted, there must be adequate guidelines and oversight to properly confine its use." The independent, bipartisan 9/11 Commission was established by Congress in late 2002 to investigate the circumstances surrounding the September 11, 2001 terrorist attacks. In public hearings from March 2003 to June 2004, the panel heard from members of the Clinton and Bush administrations, New York City emergency personnel and victims' families. In testimony before the Commission in December 2003, EPIC Executive Director Marc Rotenberg emphasized the important history of privacy protection, the problems with new systems of surveillance, and the specific need to preserve Constitutional checks and balances. EPIC urged the Commission to consider the important role of public oversight in evaluating the federal government's intelligence gathering authority rather than focusing exclusively on Congressional oversight. EPIC also stressed the importance of protecting traditional civil liberties safeguards to ensure that new anti-terrorism legislation develops in accordance with U.S. law and American values concerning privacy and civil liberties. Several of the recommendations of the 9/11 Commision reflected views expressed by EPIC and others. For example, EPIC supports the recommendation to target individuals who may be carrying materials that threaten the safety of airline travel rather than utilizing sweeping profiling or data mining programs. EPIC also supports the recommendation of the Commission that there be a careful review of the USA PATRIOT Act, including an assessment of both whether the Act "actually materially enhances security" and also whether there is adequate supervision to safeguard civil liberties. At the same time, several of the proposals may raise civil liberties and privacy concerns. The Commission calls for the continued expansion of the No-Fly and Automatic Selectee lists even as questions remain about the accuracy and civil liberties impact of passenger profiling. EPIC said, "Significant errors have been found in both the no-fly watchlists and the automatic selectee system. This is a particularly serious problem for U.S. persons who travel within the United States. There should be an independent evaluation of how best to operate these screening systems and still safeguard basic rights." On the proposed expansion of oversight authority by the Intelligence Committees, EPIC noted that "streamlining the oversight of intelligence agencies is sensible," but warned that the Congressional intelligence committees "have a tradition of secrecy and extensive classification that may frustrate public oversight and press reporting on matters of national interest." The 9/11 Commission has recommended the creation of secure identification in the United States with the federal government setting standards for "the issuance of birth certificates, and sources of identification, such as drivers licenses." EPIC commented that "Some steps should be taken to reduce the risk of fraud and identity theft. Identification documents should be made more secure. However, the integration of secure identity cards with interconnected databases raises substantial privacy risks that will require new legislation and new forms of oversight." The 9/11 Commission's final report: http://www.epic.org/privacy/terrorism/911report.pdf EPIC's testimony before the 9/11 Commission: http://www.epic.org/privacy/terrorism/911commtest.pdf For more information about the report, see EPIC's 9/11 Commission page: http://www.epic.org/privacy/terrorism/911comm.html#comment ====================================================================== [3] EPIC Testifies in Favor of RFID Privacy ====================================================================== EPIC Policy Counsel Cédric Laurant recently testified before the House Committee on Energy and Commerce Subcommittee on Commerce, Trade, and Consumer Protection, in a hearing on radio frequency identification (RFID) technology. RFID facilitates the electronic tagging of physical objects for a wide range of applications. Although the use of RFID is likely to increase efficiency in the supply chain and improve management of inventory in retail stores, its use in individual consumer products poses serious privacy implications. Nine witnesses from the RFID and retail industries as well as citizen and consumer advocacy groups testified at the hearing. Representatives from the retail industry, which is beginning to use RFID in supply chains and on a limited basis on individual consumer products, asserted that no legislation is needed to regulate RFID. Wal-Mart's Chief Information Officer dismissed concerns that retailers will gather data about individual consumers, arguing that the technology does not exist to collect such information, and retailers have no interest in data collected through RFID. She further noted that widespread use of RFID tags on consumer products is, in her estimate, at least ten years away. A representative of Procter & Gamble argued that legislation for RFID would be premature because companies are being responsible about data collection. In his testimony, Laurant noted several RFID applications in use today that explicitly feature the tracking and monitoring of individuals and use passive (non-self-powered) tags similar to ones that might be used on consumer products. He also noted that although simple passive RFID tags are not capable of storing data other than their unique Electronic Product Code, a significant portion of data generated over a product's lifetime will be stored in a centrally managed, Internet-accessible database known as the Object Name Service. If information in this database is associated with personally identifiable information, the potential for abuses of consumer data and individual privacy will dwarf that posed by any technology currently in use. EPIC recommended that Congress, in keeping with its tradition of extending privacy rights to new forms of technology, draft legislation targeting the use of RFID in the retail sector. This legislation, based upon guidelines EPIC recently presented at a Federal Trade Commission workshop on RFID, should require clear labeling and easy removal of all RFID tags on consumer-level products. Further, legislation should require users of RFID systems to refrain from linking personally identifiable to RFID tag data whenever possible and only with the individual's written consent. Legislation should also prohibit the tracking or profiling of individuals via RFID in the retail environment. EPIC's testimony to Congress: http://www.epic.org/privacy/rfid/rfidtestimony0704.html EPIC's guidelines for use of RFID technology: http://www.epic.org/privacy/rfid/rfid_gdlnes-062104.pdf For more information about RFID technology, see EPIC's RFID Page: http://www.epic.org/privacy/rfid ====================================================================== [4] Appeals Court Urged to Reverse Ruling on PATRIOT Records ====================================================================== EPIC has submitted a brief to the U.S. Court of Appeals for the D.C. Circuit seeking reversal of a lower court's refusal to expedite processing of a Freedom of Information Act request seeking information about the coordinated lobbying efforts of federal prosecutors to oppose legislation affecting the controversial USA PATRIOT Act. In August 2003, the Executive Office for U.S. Attorneys sent a memorandum to all federal prosecutors, urging them to lobby Congressional representatives in response to a recent vote in the House of Representatives. The House overwhelmingly approved an appropriations bill amendment, known as the Otter Amendment, to deny funding for "sneak and peek" search warrants authorized by the USA PATRIOT Act. The memorandum attracted media attention nationwide and was addressed by major newspaper editorials. In September 2003, EPIC asked the Department of Justice for information about the memorandum and the progress of the prosecutors' lobbying campaign. EPIC also sought expedited processing of the request. The DOJ refused to expedite processing on the grounds that there was no urgency to inform the public about issues raised by the memorandum, and that the memorandum was not a subject of exceptional media interest. EPIC filed suit in federal court, moving for partial summary judgment on the issue of expedited processing. In December 2003, U.S. District Judge James Robertson ruled that EPIC's request was not entitled to expedited processing. EPIC appealed the ruling. In its brief to the Court of Appeals, EPIC argues that at the time of the request, the substantial news media interest in the Otter Amendment and USA PATRIOT Act served as evidence of the matter's exigency to the public. EPIC's request concerned legislation that was the subject of extensive public debate and sought to answer basic questions about government activities central to this discourse. In addition, EPIC argues that delays in processing compromised public participation in the discussion of a controversial policy issue. Because the Otter Amendment was under active legislative consideration, there was a limited window of time during which the requested information could potentially influence an ongoing Congressional debate. EPIC also argues that the prosecutors' lobbying efforts were a matter of widespread and exceptional media interest and raised questions about government integrity. EPIC provided evidence of extensive and geographically diverse news coverage of the lobbying campaign, and showed that the matter had attracted editorial comment in news sources of all sizes. EPIC also argued that the lobbying efforts presented actual questions of government integrity, including the propriety of the prosecutor memorandum and allegations of potential illegality raised by members of Congress. EPIC's appellate brief: http://www.epic.org/open_gov/otter/otter_brief.pdf For more information about the case, see the EPIC v. DOJ Page: http://www.epic.org/open_gov/otter ====================================================================== [5] EPIC Files Suit for Defense Data Mining Records ====================================================================== EPIC has filed a lawsuit against the Department of Defense to force the expedited release of records concerning the Defense Intelligence Agency's use of Verity K2 Enterprise, a program that reportedly mines data from the intelligence community and Internet searches to identify foreign terrorists and U.S. citizens connected to foreign terrorism activities. EPIC's interest in Verity K2 Enterprise was sparked in part by a report made public in May by the Technology and Privacy Advisory Committee (TAPAC), which was established to review Defense Department data mining initiatives after Congress killed funding for the Total Information Awareness program last year. The report concluded that the Defense Department "should safeguard the privacy of U.S. persons when using data mining to fight terrorism," and also urged that "rapid action is necessary to address the host of government programs that involve data mining concerning U.S. persons and to provide clear direction to the people responsible for developing, procuring, implementing, and overseeing those programs." A General Accounting Office report on data mining released shortly thereafter identified Verity K2 Enterprise as one such Defense Department data mining program. In May, EPIC submitted a Freedom of Information Act request seeking the expedited release of all Defense Intelligence Agency records related to Verity K2 Enterprise. In response, the agency merely acknowledged that it had received EPIC's request, effectively denying the request for expedited processing by failing to make a determination within the legally mandated time frame of ten days. EPIC responded to the agency's denial by filing a complaint in the U.S. District Court for the District of Columbia earlier this week. EPIC's complaint: http://www.epic.org/open_gov/verityk2/complaint.pdf The TAPAC report on Defense Department data mining: http://www.sainc.com/tapac/TAPAC_Report_Final_5-10-04.pdf The General Accounting Office report on government data mining activity: http://www.gao.gov/new.items/d04548.pdf For more information about Defense Department data mining, see the EPIC Total Information Awareness Page: http://www.epic.org/privacy/profiling/tia ====================================================================== [6] News in Brief ====================================================================== NEW LAW ADDS TIME TO PRISON SENTENCES FOR IDENTITY THEFT President Bush has signed into law the Identify Theft Penalty Enhancement Act, adding two years to prison sentences for people convicted of using stolen credit card numbers, social security numbers, and other personal information to commit crimes. The new law creates two categories of aggravated identity theft. The first imposes a five-year sentence for identity theft carried out in connection with "terrorist offenses," and the second requires a two-year sentence for identity theft committed in connection with other felonies. The extensive list of crimes that require the sentence increase when combined with identity theft includes mail, bank, or wire fraud, theft from employee benefit plans, and immigration law violations. The bill specifies that the enhanced penalty may not be reduced by judges or made to run concurrently with penalties not related to identity theft. In addition, the new law may be used to prosecute individuals for using false identification documents to receive federal benefits such as Social Security, Medicare, and disability benefits. Identity theft topped the list of consumer fraud complaints to the Federal Trade Commission in 2003, accounting for more than half the complaints tracked by the agency. The Commission recorded 214,905 cases of identity theft in 2003, up from 161,836 in 2002. The U.S. Attorney General's office states that the new law will be used to pursue "phishers" who use fake e-mail addresses and fraudulent websites to fool recipients into divulging personal data such as credit card numbers, account usernames and passwords, and social security numbers. For information about the role of social security numbers in identity theft, see EPIC's Social Security Number Page: http://www.epic.org/privacy/ssn EPIC's testimony to the House Ways and Means Subcommittee on Social Security urging Congress to enact legislative protections for the Social Security Number: http://www.epic.org/privacy/ssn/ssntestimony6.15.04.html MATRIX TO BE REWORKED ON PRIVACY AND LEGAL GROUNDS The Multistate Anti-Terrorism Information Exchange (MATRIX) is being revised in an attempt to address privacy and legal concerns that have led several states to withdraw from the project. Built by a consortium of state law enforcement agencies, MATRIX combines public records and private record data from multiple databases with data analysis tools, providing a wealth of personal information in near-real time. Eight of the original thirteen states in the pilot have dropped out of the program citing privacy problems and the potential for abuse of the system. The remaining states -- Connecticut, Florida, Michigan, Ohio and Pennsylvania -- recently announced a re-engineering effort to alleviate the problem of sending personal data on citizens to the private company Seisint, a practice that violates the states' data protection laws. EPIC's amicus brief before the Supreme Court in Hiibel v. Nevada describing MATRIX: http://www.epic.org/privacy/hiibel/hiibel_amicus.pdf MARYLAND HIGH COURT OKS COMPELLED DNA PRODUCTION The Maryland Court of Appeals has reversed a lower court's decision that it is unconstitutional for the State of Maryland to compel production of a DNA sample for law enforcement purposes unrelated to a particular investigation. In April EPIC submitted a "friend of the court" brief in the case, arguing that it is unconstitutional to compel a DNA sample for the state's DNA database, which in turn feeds into the FBI's vast national DNA database. EPIC pointed out that DNA contains far more information than a fingerprint and that, in the absence of privacy safeguards, a DNA sample collected for one purpose could be used in the future for unrelated purposes. Court order in Maryland v. Raines: http://www.epic.org/privacy/genetic/raines_order.pdf EPIC's amicus brief in Maryland v. Raines: http://www.epic.org/privacy/genetic/raines_amicus.pdf For more information about DNA privacy, see EPIC's Genetic Privacy Page: http://www.epic.org/privacy/genetic SPAMMER CHARGED WITH HACKING ACXIOM DATABASE Scott Levine, a high-level employee of Internet advertising company Snipermail.com, has been charged in a 144-count indictment with hacking into a database owned and operated by Acxiom, one of the country's largest data aggregators, and stealing 8.2 gigabytes of personal data between April 2002 and August 2003. The charges against Levine include conspiracy, unauthorized access of a protected computer, access device fraud, money laundering and obstruction of justice. The data, acquired through 137 separate intrusions, was allegedly used by Snipermail.com to conduct spamming campaigns. The case stems from an investigation conducted last July into an unrelated matter that resulted in the indictment an Ohio man who was also accused of stealing personal data from Acxiom. Department of Justice press release: http://www.usdoj.gov/opa/pr/2004/July/04_crm_501.htm COMMERCE DEPT. APPOINTS CHIEF PRIVACY OFFICER The U.S. Department of Commerce has announced the appointment of Dan Caprio as the agency's new Chief Privacy Officer. Caprio currently serves as a deputy assistant secretary for technology policy, and will continue to do so alongside his new role as privacy officer. Caprio will oversee all Commerce Department activities involving the development and implementation of federal privacy laws, policies and practices. Before joining the Commerce Department, Caprio was principal technology policy adviser at the Federal Trade Commission, participated in a working group to revise Organization for Economic Cooperation and Development guidelines for IT security, and served as co-chairman of the National Cyber Security Partnership Awareness Task Force. Statement by Commerce Secretary Donald L. Evans on Caprio's appointment: http://www.epic.org/redirect/caprio.html ====================================================================== [7] EPIC Bookstore: Privacy in the 21st Century ====================================================================== Privacy in the 21st Century, Daren Bakst and Sylvia Burgess, eds. (CLHE 2004). https://www.clhe.org/privacy21stcentury The Council on Law in Higher Education has published a new book for educators and administrators interested in privacy issues. Privacy in the 21st Century is the first installment of an annual publication that will address a wide range of privacy issues relevant in the college and university setting. This first edition contains papers on law enforcement requests for personal information under the USA PATRIOT Act, identity theft, the Family Educational Rights and Privacy Act, and media access to student records. It also contains a paper by EPIC Associate Director Chris Hoofnagle covering college and university student privacy issues. In it, Hoofnagle argues that privacy is important for student safety, the development of autonomy, and for academic freedom. He explains that institutions can be more privacy-sensitive by taking steps to reduce reliance on Social Security Numbers, limiting marketing on campus, avoiding biometric identification systems, encouraging good password habits, providing avenues of anonymous expression, and reviewing network monitoring practices. Hoofnagle's paper calls attention to the rise of the use of student identification cards for access to all campus services. These systems create ubiquitous student tracking infrastructures and acclimate young people to lifestyle where carrying identification is always necessary. Additionally, certain systems such as BlackBoard's Bb One track and control students' purchases and enable direct marketing to students and parents. ================================ EPIC Publications: "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, as well as recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2003: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price: $40. http://www.epic.org/bookstore/pls2003 The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002 This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2003: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $35. http://www.epic.org/bookstore/phr2003 This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty-five countries around the world. The survey examines a wide range of privacy issues including data protection, passenger profiling, genetic databases, video surveillance, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/bookstore/crypto00& EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ====================================================================== [8] Upcoming Conferences and Events ====================================================================== O'Reilly Open Source Convention. July 26-30, 2004. Portland, OR. For more information: http://conferences.oreilly.com/oscon. 2004 UK Big Brother Awards. Privacy International. July 28, 2004. London, UK. For more information: http://www.privacyinternational.org/bigbrother/uk2004. First Conference on Email and Anti-Spam. American Association for Artificial Intelligence and IEEE Technical Committee on Security and Privacy. July 30-31, 2004. Mountain View, CA. For more information: http://www.ceas.cc. Crypto 2004: The Twenty-Fourth Annual IACR Crypto Conference. International Association for Cryptologic Research, IEEE Computer Society Technical Committee on Security and Privacy, and the Computer Science Department of the University of California, Santa Barbara. August 15-19, 2004. Santa Barbara, CA. For more information: http://www.iacr.org/conferences/crypto2004. Ninth National HIPAA Summit. September 12-14, 2004. Baltimore, MD. For more information: http://www.HIPAASummit.com. Public Voice Symposium: Privacy in a New Era: Challenges, Opportunities and Partnerships. Electronic Privacy Information Center, European Digital Rights Initiative (EDRi), and Privacy International. September 13, 2004. Wroclaw, Poland. For more information: http://www.thepublicvoice.org/events/wroclaw04/default.html. The Right to Personal Data Protection -- the Right to Dignity. 26th International Conference on Data Protection and Privacy Commissioners. September 14-16, 2004. Wroclaw, Poland. For more information: http://26konferencja.giodo.gov.pl. Health Privacy Seminar. Riley Information Services. September 17, 2004. Ottawa, Ontario. For more information: http://www.rileyis.com/seminars/index.html. Nethead/Bellhead: The FCC Takes on the Internet. Cardozo Law School Florsheimer Center for Constitutional > Democracy and the Yale Law School > Information Society Project. September 28, 2004. New York, NY. For more information: http://www.cardozobellhead.net. 2004 Telecommunications Policy Research Conference. National Center for Technology & Law, George Mason University School of Law. October 1-3, 2004. Arlington, VA. For more information: http://www.tprc.org/TPRC04/call04.htm. Health Privacy Conference. Office of the Information and Privacy Commissioner of Alberta. October 4-5, 2004. Calgary, Alberta, Canada. For more information: http://www.oipc.ab.ca/home/DetailsPage.cfm?ID=1453. Privacy and Identity: The Promise and the Perils of a Technological Age. DePaul University Center for Intellectual Property Law and Information Technology and School of Computer Science, Telecommunications and Information Systems. October 14-15, 2004. Chicago, IL. For more information: http://facweb.cs.depaul.edu/research/vc/CIPLIT2004. IAPP Privacy and Data Security Academy & Expo. International Association of Privacy Professionals. October 27-29, 2004. New Orleans, LA. For more information: http://www.privacyassociation.org/html/conferences.html. Privacy and Security: Seeking the Middle Path. Office of the Information & Privacy Commissioner of Ontario; Centre for Innovation Law and Policy, University of Toronto; and Center for Applied Cryptographic Research, University of Waterloo. Toronto, Ontario, Canada. October 28-29, 2004. For more information: http://www.epic.org/redirect/uwaterloo_conf.html. CFP2005: Fifteenth Annual Conference on Computers, Freedom and Privacy. April 12-15, 2005. Seattle, WA. For more information: http://www.cfp2005.org. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 11.14 ---------------------- .