======================================================================= E P I C A l e r t ======================================================================= Volume 11.15 August 4, 2004 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_11.15.html ====================================================================== Table of Contents ====================================================================== [1] EPIC Report: Homeland Security Given Census Data on Arab Americans [2] White House Responds to 9/11 Commission Report [3] Court Rejects Agency Effort to Withhold CAPPS II Info From EPIC [4] Agencies Issue Rules on Homeless Tracking; Bank Customer ID [5] Congress Considers Bills to Strengthen E-Mail Privacy [6] News in Brief [7] EPIC Bookstore: A Little Knowledge [8] Upcoming Conferences and Events ====================================================================== [1] EPIC Report: Homeland Security Given Census Data on Arab Americans ====================================================================== EPIC obtained documents through the Freedom of Information Act last week revealing that the Census Bureau gave the Department of Homeland Security statistical information on people who identified themselves on the 2000 census as being of Arab ancestry. The special tabulations were prepared specifically for the law enforcement agency, and do not indicate that similar information about any other ethnic groups was requested. The tabulations apparently include information about United States citizens, as well as individuals of Arab descent whose families have lived in the United States for generations. One tabulation shows cities with populations of 10,000 or more and with 1,000 or more people who indicated they are of Arab ancestry. For each city, the tabulation provides total population, population of Arab ancestry, and percent of the total population which is of Arab ancestry. A second tabulation, more than a thousand pages in length, shows the number of census responses indicating Arab ancestry in zip codes throughout the country. The responses indicating Arab ancestry are subdivided into Egyptian, Iraqi, Jordanian, Lebanese, Moroccan, Palestinian, Syrian, Arab/Arabic, and Other Arab. The heavily redacted documents show that in April 2004, a Census Bureau analyst e-mailed a Department of Homeland Security official and said, "You got a file of Arab ancestry information by ZIP Code Tabulation Area from me last December (2003). My superiors are now asking questions about the usage of that data, given the sensitivity of different data requests we have received about the Arab population." The same day, a Department of Homeland Security Customs and Border Protection official e-mailed the analyst to explain, "At U.S. International airports, U.S. Customs posts signage informing various nationalities of the U.S. Customs regulations to report currency brought into the US upon entry . . . . My reason for asking for U.S. demographic data is to aid the Outbound Passenger Program Officer in identifying which language of signage, based on U.S. ethnic nationality population, would be best to post at the major International airports." During World War II, the Census Bureau provided statistical information to help the War Department round up more than 120,000 innocent Japanese Americans and confine them to internment camps. The tabulations were produced using data from the 2000 census long-form questionnaire, which goes to only a sample of the population. The tabulation figures, therefore, do not provide an entirely accurate representation of the Arab American population. The documents: http://www.epic.org/privacy/census/foia For more information on the census and privacy, see EPIC's Census Privacy Page: http://www.epic.org/privacy/census ====================================================================== [2] White House Responds to 9/11 Commission Report ====================================================================== In a White House Rose Garden speech on Monday, President Bush endorsed two significant recommendations contained in the final report of the National Commission on Terrorist Attacks, also known as the 9/11 Commission: the creation of a national intelligence director and the development of a national counterterrorism center that will operate as "our government's knowledge bank for information about known and suspected terrorists." The final report of the 9/11 Commission calls for a major restructuring of the U.S. national security framework. The 9/11 Commission recommends that a newly appointed Cabinet-level national intelligence director have direct control over the intelligence community's $40 billion annual budget, real power to coordinate the efforts of fifteen government agencies, and veto power over the individuals named to head intelligence agencies. In contrast, under President Bush's plan, the intelligence director would not have full control over budget and hiring matters. White House spokesman Scott McClellan said the Bush administration would provide Congress with more information about the proposal in coming days, including details regarding how much authority over budgetary and personnel matters the new national intelligence director should have. The director would have "significant input" in making budgetary recommendations to the president, according to Andrew Card, White House Chief of Staff. McClellan stated, "The national intelligence director will have the authority he or she needs to do the job." The disagreement over the director's power is likely to be symbolic of the forthcoming public debate over which 9/11 Commission recommendations Congress should enact. Both House and Senate leaders say they want to enact legislation prior to the November presidential election. However, some intelligence officials and civil liberties organizations warn against a Congressional rush to action without careful deliberation. It remains unclear the extent to which the critical government activities of the new counterterrorism center will be subject to public disclosure under the Freedom of Information Act. In addition, questions remain about how the proposed changes would affect federal government data mining efforts at the Department of Defense and other government agencies. In a report released in May 2004 titled "Safeguarding Privacy in the Fight Against Terrorism," the bipartisan Technology and Privacy Advisory Committee, created by Secretary of Defense Donald Rumsfeld, expressed privacy concerns over government data mining efforts. The report concluded that "rapid action is necessary to address the host of government programs that involve data mining concerning U.S. persons." The report recommended that the Defense Department "should safeguard the privacy of U.S. persons when using data mining to fight terrorism." President Bush's remarks on intelligence reform: http://www.whitehouse.gov/news/releases/2004/08/20040802-2.html The 9/11 Commission's final report: http://www.epic.org/privacy/terrorism/911report.pdf EPIC's testimony before the 9/11 Commission: http://www.epic.org/privacy/terrorism/911commtest.pdf For more information about the report, see EPIC's 9/11 Commission page: http://www.epic.org/privacy/terrorism/911comm.html#comment ====================================================================== [3] Court Rejects Agency Effort to Withhold CAPPS II Info From EPIC ====================================================================== A federal district court has refused to allow the Transportation Security Administration (TSA) to withhold factual information within deliberative, nonfinal agency documents concerning the Computer Assisted Passenger Prescreening System (CAPPS II). In August 2003 EPIC requested, among other information, any privacy impact assessments the agency had performed for CAPPS II. The E-Government Act of 2002 requires an agency to perform a privacy impact assessment before developing or procuring information technology that collects, maintains or disseminates identifiable information. TSA agreed to process the documents, but failed to respond to EPIC's request for expedited processing. In September 2003, EPIC applied for an emergency court order requiring TSA immediately to release the requested documents. TSA relented and agreed to process the material by September 25, 2003, five days before public comments were due on TSA's proposed Privacy Act notice for CAPPS II. TSA then refused to release the documents, claiming that they were exempt from disclosure under the Freedom of Information Act because they were not final and because CAPPS II was "still evolving." The agency further maintained that no factual material, which must be disclosed under law, could possibly be released to EPIC because "facts are necessarily inextricably intertwined with policy-making processes," and to release them would "expose the deliberative process." In a 21-page opinion issued on August 2, 2004, Judge Colleen Kollar-Kotelly determined that drafts of privacy impact assessments are protected from disclosure under the Freedom of Information Act, but rejected the government's claim that no factual material could be separated from exempt material. Noting that the government failed to satisfy its burden to "specify in detail which portions of the document are disclosable and which are allegedly exempt," Judge Kollar-Kotelly concluded that if the agency's "stated rationale, without further detail or explanation, could be the sole justification for non-segregability, the segregability requirement . . . would be gutted. . . . This Circuit has expressly provided that such conclusory language is insufficient to justify a finding of non-segregability." Judge Kollar-Kotelly has ordered the agency to review the documents again for factual information that can be separated from protected material, or to explain to the court why it is unable to do so. The order comes just days after the Department of Homeland Security admitted that CAPPS II is too flawed to go forward, and the agency is considering other aviation security options. Judge Kollar-Kotelly's decision: http://www.epic.org/privacy/airtravel/pia_order.pdf For more information about CAPPS II, see EPIC's Passenger Profiling Page: http://www.epic.org/privacy/airtravel/profiling ====================================================================== [4] Agencies Issue Rules on Homeless Tracking; Bank Customer ID ====================================================================== The Department of Housing and Urban Development has issued final rules to implement Homeless Management Information Systems (HMIS), programs that track recipients of benefits to assess the number of persons receiving care, and to improve efficiency of services to the poor. While well intentioned, the implementation of HMIS can be highly privacy invasive. In comments to the agency, eight civil liberties groups joined EPIC in opposing unnecessarily invasive aspects of HMIS, including provisions giving law enforcement broad access to data, the collection of the Social Security Number from the homeless, and a proposal that domestic violence victims be included in the tracking system. The groups also argued that the agency should take a census-style "snapshot" of the homeless population rather than a constant enumeration of homeless individuals. In its final rule, the agency decided to proceed with collection of the Social Security Number and a full enumeration of the homeless, including domestic violence victims. However, the final rule incorporates tighter controls over law enforcement access and contains significant new protections for privacy. Under the final rule, law enforcement access provisions are clearer and offer more detail to benefits providers. Additionally, whereas the proposed rule would allow some government agents to access an entire HMIS database without a warrant, the final rule limits the contexts in which and the amount of data that law enforcement can obtain. The rule articulates a full set of fair information practices for protection of HMIS data, including collection limitation, purpose specification, use limitation, purpose specification, openness, access and correction, and accountability. The rule also articulates a two-tiered approach to security, where benefits providers must comply with a floor of requirements but may adopt heightened procedures where appropriate. In a separate proceeding, federal banking regulators issued a final rule requiring all banks to create customer identification programs that must be approved by the banks' board of directors. Individuals opening new deposit accounts, trust services, a safe deposit box, credit accounts, or even an extension of credit must provide their names, dates of birth, addresses, and Social Security Numbers under the new rules. A bank must verify enough of this information "to form a reasonable belief that it knows the true identity of the customer," but it need not confirm the accuracy of all the information submitted by the individual. Banks may verify using documents, such as government issued identification cards, or though non-documentary methods, such as credit reporting agency files or public databases. Banks must also check new accounts against the Office of Foreign Assets Control database, which lists known or suspected criminal organizations. Banks must retain both identifying information and information about verifying customers for five years after the account is closed. Bank examiners are encouraged to inspect several categories of suspicious accounts under the rules. They include accounts where the customer applied for a new taxpayer identification number and "high-risk" activities including foreign private banking and trust accounts, accounts of foreign political officials, offshore accounts and non-face-to-face accounts. Basic bank services, such as wire transfers, check cashing, and money order sales do not trigger customer identification programs. The regulations were promulgated under Section 326 of the USA PATRIOT Act. HMIS Final Rule: http://www.epic.org/redirect/hmis_reg.html EPIC comments on HMIS: http://www.epic.org/privacy/poverty/hmiscomments.html Federal Reserve Customer Identification Program Rules: http://www.epic.org/redirect/cips_rules.html ====================================================================== [5] Congress Considers Bills to Strengthen E-Mail Privacy ====================================================================== Rep. Jay Inslee (D-WA) has introduced the E-mail Privacy Act of 2004, H.R. 4956, which would address two weaknesses in the Electronic Communications Privacy Act that were recently highlighted in a controversial First Circuit case. In United States v. Councilman, the court found that an ISP's real-time, continuous acquisition of subscriber e-mail did not violate federal wiretap law. The new bill would fix this misinterpretation of the Wiretap Act as well as close a long-standing loophole in the law governing stored communications that allows an Internet Service Provider (or any electronic communication service provider) to read its subscribers' communications. A second bill, the E-mail Privacy Protection Act of 2004, H.R. 4977, has been introduced by Rep. Jerrold Nadler (D-NY) to address the same issues. In creating the 1986 Electronic Communications Privacy Act, Congress updated existing wiretap law to address electronic communications. Before, only wire and oral communications were protected from interception. The amendments extended protections against interception to electronic communications, and also sought to establish legal standards for access to email in the possession of a service provider. The changes created two categories of electronic communications -- those "in transit," which enjoy relatively generous protection under the first tier of the Electronic Communications Privacy Act (the Wiretap Act), and those "in storage," which receive a lesser degree of legal protection under the second tier of the Electronic Communications Privacy Act (the Stored Communications Act). The categories that resulted from the amendments were viewed as complimentary efforts to protect the privacy of electronic communications. The tiering of communications resulted more from the effort to address specific concerns -- such as extending protections to electronic communications and creating safeguards for stored communications -- than to formally categorize the privacy protection for each type of information. The Councilman case involved the conduct of Interloc, an online literary clearinghouse that sought to pair its subscribers -- rare and used book dealers -- with book buyers. Brad Councilman, former executive of the company, directed Interloc employees to write computer code to intercept and copy all incoming communications from Amazon.com to the subscriber book dealers, for whom Interloc provided e-mail service. According to the indictment, the Interloc systems administrator wrote a revision to the mail processing code that intercepted, copied and stored all incoming messages from Amazon.com before they were delivered to the subscribers. Councilman was charged with violating the Wiretap Act. However, because the messages were in "temporary storage" while on the Interloc e-mail server -- momentarily before being made available to subscribers -- the court held that the messages were not "intercepted" in violation of the Wiretap Act. The House bills seek to correct the First Circuit's narrow interpretation of the provision by clarifying the language, thus reflecting the Congressional intent of the Electronic Communications Privacy Act: the real-time, continuous acquisition of messages while they are in transit -- even if stored momentarily during the course of transmission -- should be an "interception" under the Wiretap Act. H.R. 4956 appears to address the issue more directly than H.R. 4977 by modifying the definition of "interception." Without these modifications, and using the anomalous interpretation of the First Circuit, law enforcement may be able to gain such real-time, continuous acquisition of a suspect's e-mail or other electronic communications without following the strict requirements for a wiretap court order. Counterintuitively, Brad Councilman could not be charged under the second tier of the Electronic Communications Privacy Act, the Stored Communications Act. Both the Wiretap Act and the Stored Communications Act contain a "service provider exception," allowing the service provider to monitor subscriber communications under certain circumstances. The exception in the Wiretap Act allows the provider to monitor communications to the extent necessary for the provision of the service (e.g. ensuring that phone line quality is sufficient). However, the Stored Communications Act exception allows providers -- including ISPs -- to monitor communications without any such qualification. This extremely broad exception allowed Councilman to escape liability under the Stored Communications Act as well. The bills seek to close this loophole by modifying the service provider exception language in the Stored Communications Act to approximate that of the Wiretap Act. H.R. 4956, the E-mail Privacy Act of 2004: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.4956: H.R. 4977, the E-mail Privacy Protection Act of 2004: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.4977: The opinion in United States v. Councilman: http://www.ca1.uscourts.gov/pdf.opinions/03-1383-01A.pdf For more information about wiretap law, see EPIC's Wiretap Page: http://www.epic.org/privacy/wiretap ====================================================================== [6] News in Brief ====================================================================== PRIVACY INTERNATIONAL HOLDS 2004 UK BIG BROTHER AWARDS Privacy International recently held its sixth annual United Kingdom Big Brother Awards ceremony, honoring the year's most egregious violators of privacy in the UK. Privacy International accepted nominations from the public in five categories: Worst Public Servant, Most Invasive Company, Most Appalling Project, Most Heinous Government Organisation, and Lifetime Menace Award. The nominees were judged by a panel of lawyers, academics, consultants, journalists and civil rights activists. Winners received a golden award in the shape of a boot stamping on a human head, an image drawn from George Orwell's novel 1984. The Lifetime Menace Award went to the United States Visitor and Immigrant Status Indicator Technology (US-VISIT) because of its offensive and invasive plan to fingerprint all visitors to the United States beginning in September 2004. The unusual nomination of a United States initiative came as a result of the near-total silence of both the U.S. and UK governments regarding implementation of this program. Privacy International's 2004 UK Big Brother Awards page: http://www.privacyinternational.org/bigbrother/uk2004 For more information about US-VISIT, see EPIC's US-VISIT Page: http://www.epic.org/privacy/us-visit EPIC JOINS COALITION TO FILE SPECTRUM PRIVACY COMMENTS EPIC has joined a coalition of groups filing comments with the Federal Communications Commission on the allocation of spectrum. The comments, drafted by the Media Access Project, support the opening of the 3650-3700 MHz band to unlicensed spectrum access, but ask the Commission to address the privacy issues that will be raised by such action. The comments were submitted in response to a notice of proposed rule making, which proposed that every device using this spectrum should broadcast identification information, including contact information of the owner or operator of the device. This requirement would mean that an individual accessing this spectrum on his laptop would have to broadcast his name and e-mail address. The coalition's comments explain why such identification is both unnecessary and harmful to the privacy of the spectrum user. Coalition comments to the Federal Communications Commission: http://www.mediaaccess.org/36500_3700_72804.pdf MEDIA, CIVIL LIBERTIES GROUPS FILE AMICUS BRIEF IN EPIC'S SUPPORT A coalition of journalistic and civil liberties organizations has filed a "friend of the court" brief in support of EPIC's suit against the Department of Justice in a federal appeals court. EPIC is seeking reversal of a lower court's refusal to expedite processing of a Freedom of Information Act request seeking information about the coordinated lobbying efforts of federal prosecutors to oppose legislation affecting the controversial USA PATRIOT Act. EPIC's appeal concerns questions about what a Freedom of Information Act requestor must demonstrate in order to receive expedited processing. The coalition's interest in the appeal stems from the important role expedited processing plays in disseminating timely governmental information in cases in which there is an urgency to inform the public. A decision by the appeals court will likely have a substantial impact on the ability of requestors to obtain expedited processing. Coalition's amicus brief: http://www.epic.org/open_gov/otter/otter_amicus.pdf For more information about the case, see EPIC's EPIC v. DOJ Page: http://www.epic.org/open_gov/otter CONGRESS MAY LOOSEN JUNK FAX REGULATIONS IN SEPTEMBER Congress is poised to loosen federal regulations protecting individuals from unsolicited commercial fax messages, known as "junk faxes." The House has already passed legislation eliminating a Federal Communications Commission regulation that would require junk faxers to obtain written consent before transmitting messages. The House bill also creates an established business relationship exemption to the consent requirement, allowing any business to junk fax anyone who makes any purchase for eternity. The Senate Commerce Committee approved identical legislation, but that version of the bill is likely to be amended to limit the duration of the established business relationship exemption. In response to House and Senate staff requests for advice on junk faxing, EPIC recommended that the Federal Communications Commission should be empowered to reestablish the written consent requirement with respect to junk faxers who routinely violate the law. However, because of procedural rules invoked in the Senate Commerce Committee, no amendments to the legislation were considered. S. 2603, the Junk Fax Prevention Act of 2004: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:s.02603: H.R. 4600, the Junk Fax Prevention Act of 2004: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.04600: ====================================================================== [7] EPIC Bookstore: A Little Knowledge ====================================================================== A Little Knowledge: Privacy, Security, and Public Information After September 11, Peter M. Shane, John Podesta and Richard C. Leone, eds. (The Century Foundation 2004). http://www.powells.com/cgi-bin/biblio?inkey=62-0870784870-3 "Drawn from the proceedings of the 'Security, Technology, and Privacy' conference, A Little Knowledge looks at the different ways public security and the individual's right to privacy have been placed at odds after September 11. Chapters address such specific topics as how tightening security and limiting communication can harm American participation in the international scientific community; how restricting public access to information can result in a nation of uninformed and unengaged citizens; and how American data security and privacy practices compare with those of other nations. Cosponsored by Carnegie Mellon University's Heinz School and the Georgetown University Law Center. Featuring John Podesta on 'Governing in Secret'; Alice P. Gast on restricting the flow of scientific information; Baruch Fischhoff on disclosing risks; Victor W. Weedn on government risk communications; George Duncan on optimizing privacy and utility in the management of online databases; Joel R. Reidenberg on international approaches to privacy; Sally Katzen on public information rights; and Peter M. Shane on the new technologies and democratic empowerment." ================================ EPIC Publications: "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, as well as recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2003: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price: $40. http://www.epic.org/bookstore/pls2003 The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002 This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2003: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $35. http://www.epic.org/bookstore/phr2003 This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty-five countries around the world. The survey examines a wide range of privacy issues including data protection, passenger profiling, genetic databases, video surveillance, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/bookstore/crypto00& EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ====================================================================== [8] Upcoming Conferences and Events ====================================================================== Crypto 2004: The Twenty-Fourth Annual IACR Crypto Conference. International Association for Cryptologic Research, IEEE Computer Society Technical Committee on Security and Privacy, and the Computer Science Department of the University of California, Santa Barbara. August 15-19, 2004. Santa Barbara, CA. For more information: http://www.iacr.org/conferences/crypto2004. Transatlantic In-Security: Information, Privacy, and the Challenge of Security in US-EU Relations. The American Consortium on EU Studies. August 17, 2004. Washington, DC. E-mail lharris at american.edu. Ninth National HIPAA Summit. September 12-14, 2004. Baltimore, MD. For more information: http://www.HIPAASummit.com. Public Voice Symposium: Privacy in a New Era: Challenges, Opportunities and Partnerships. Electronic Privacy Information Center, European Digital Rights Initiative (EDRi), and Privacy International. September 13, 2004. Wroclaw, Poland. For more information: http://www.thepublicvoice.org/events/wroclaw04/default.html. The Right to Personal Data Protection -- the Right to Dignity. 26th International Conference on Data Protection and Privacy Commissioners. September 14-16, 2004. Wroclaw, Poland. For more information: http://26konferencja.giodo.gov.pl. Health Privacy Seminar. Riley Information Services. September 17, 2004. Ottawa, Ontario. For more information: http://www.rileyis.com/seminars/index.html. Nethead/Bellhead: The FCC Takes on the Internet. Cardozo Law School Florsheimer Center for Constitutional Democracy and the Yale Law School Information Society Project. September 28, 2004. New York, NY. For more information: http://www.cardozobellhead.net. The Internet and the Law -- A Global Conversation. Law & Technology Program, University of Ottawa. Ottawa, Ontario. October 1-2, 2004. For more information: http://web5.uottawa.ca/techlaw/symposium.php?idnt=99&v=22. 2004 Telecommunications Policy Research Conference. National Center for Technology & Law, George Mason University School of Law. October 1-3, 2004. Arlington, VA. For more information: http://www.tprc.org/TPRC04/call04.htm. Health Privacy Conference. Office of the Information and Privacy Commissioner of Alberta. October 4-5, 2004. Calgary, Alberta, Canada. For more information: http://www.oipc.ab.ca/home/DetailsPage.cfm?ID=1453. Privacy and Identity: The Promise and the Perils of a Technological Age. DePaul University Center for Intellectual Property Law and Information Technology and School of Computer Science, Telecommunications and Information Systems. October 14-15, 2004. Chicago, IL. For more information: http://facweb.cs.depaul.edu/research/vc/CIPLIT2004. 2004 Big Brother Awards Switzerland. October 16, 2004. Lucerne, Switzerland. For more information: http://www.bigbrotherawards.ch. DRM 2004: The Fourth ACM Workshop on Digital Rights Management. Association for Computing Machinery Special Interest Group on Security, Audit and Control. October 25, 2004. Washington, DC. For more info: http://mollie.engr.uconn.edu/DRM2004. 2004 Big Brother Awards Austria. October 26, 2004. Vienna, Austria. For more information: http://www.bigbrotherawards.at. IAPP Privacy and Data Security Academy & Expo. International Association of Privacy Professionals. October 27-29, 2004. New Orleans, LA. For more information: http://www.privacyassociation.org/html/conferences.html. Privacy and Security: Seeking the Middle Path. Office of the Information & Privacy Commissioner of Ontario; Centre for Innovation Law and Policy, University of Toronto; and Center for Applied Cryptographic Research, University of Waterloo. Toronto, Ontario, Canada. October 28-29, 2004. For more information: http://www.epic.org/redirect/uwaterloo_conf.html. 2004 Big Brother Awards Germany. October 29, 2004. Bielefeld, Germany. For more information: http://www.bigbrotherawards.de. CFP2005: Fifteenth Annual Conference on Computers, Freedom and Privacy. April 12-15, 2005. Seattle, WA. For more information: http://www.cfp2005.org. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 11.15 ---------------------- .