======================================================================= E P I C A l e r t ======================================================================= Volume 11.16 August 27, 2004 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_11.16.html ====================================================================== Table of Contents ====================================================================== [1] Homeland Security To Test New Passenger Prescreening System [2] FCC Imposes Rules on Internet Telephony; Bans Wireless Spam [3] Federal Appeals Court Upholds Compelled DNA Production [4] EPIC Files Amicus Brief Arguing Against Secret Law [5] EPIC Urges Privacy Protections for Auto Black Boxes [6] News in Brief [7] EPIC Bookstore: Whistleblowing Around the World [8] Upcoming Conferences and Events ====================================================================== [1] Homeland Security To Test New Passenger Prescreening System ====================================================================== The Department of Homeland Security's Assistant Secretary for the Transportation Security Administration David Stone announced yesterday that the government will begin testing Secure Flight, its new passenger prescreening system, in November. The program's introduction comes just a few weeks after TSA scrapped plans for its predecessor, the second generation Computer Assisted Passenger Prescreening System (CAPPS II), in part due to privacy concerns. Admiral Stone stated that commercial airlines will be ordered in September to turn over "historical" PNR data for TSA to use in the testing phase of Secure Flight. The new program, slated for deployment early next year, will focus on comparing Passenger Name Records (PNRs) against expanded "selectee" and "no fly" lists maintained by the government. If a traveler's PNR matches information on a watch list, commercial data aggregators will be relied upon to verify the traveler's identity. TSA will administer the program, removing all passenger screening responsibility from the airlines. Though TSA plans to implement a redress process for travelers improperly flagged by Secure Flight, it is unclear how this process will work. The government has long used "selectee" and "no fly" lists for aviation security purposes, but passengers have experienced great difficulty clearing their names when improperly flagged. In 2002, EPIC obtained through the Freedom of Information Act dozens of complaint letters sent to TSA by irate passengers who felt they had been incorrectly identified for additional security or were denied boarding because of the watch lists. The complaints describe the bureaucratic maze passengers encounter if they happen to be mistaken for individuals on the list, as well as the difficulty they encounter trying to exonerate themselves. Even members of Congress have found themselves targeted due to the watch lists. Senator Edward Kennedy (D-MA) recently reported in a Senate Judiciary Committee hearing on border security that on multiple occasions airline agents have tried to prevent him from boarding flights because his name appeared on a watch list. He was halted three times before his staff called TSA, and afterwards continued to be stalled at the gate. Senator Kennedy was forced to call Homeland Security Secretary Tom Ridge in order to clear his name, an option available to very few travelers. The name on the watch list preventing Kennedy's travel was apparently "T. Kennedy." Rep. John Lewis (D-GA) also has said he is on a watch list, barred from buying electronic tickets, and subject to extensive searches every time he boards a flight. EPIC FOIA documents on "selectee" and "no fly" watch lists: http://www.epic.org/redirect/watchlist_foia.html For more information about travel privacy and CAPPS II, see EPIC's Passenger Profiling Page: http://www.epic.org/privacy/airtravel/profiling ====================================================================== [2] FCC Imposes Rules on Internet Telephony; Bans Wireless Spam ====================================================================== The Federal Communications Commission has adopted a ruling on wiretapping of Internet telephony and a prohibition of commercial e-mail sent to wireless devices. The Commission has tentatively determined that Internet phone calls are subject to wiretapping by law enforcement under the Communications Assistance for Law Enforcement Act (CALEA). The Department of Justice, Federal Bureau of Investigation, and Drug Enforcement Administration filed a joint petition in March 2004 requesting that Internet telephony be subject to CALEA. The Commission has at least tentatively concluded that CALEA applies to facilities-based providers of any type of broadband Internet access service -- including wireline, cable modem, satellite, wireless, and powerline -- and to managed or mediated Voice over Internet Protocol (VoIP) services. This determination is based on the Commission's proposal that these services are "a replacement for a substantial portion of the local telephone exchange service." The Commission now seeks comment from carriers as to their obligations and the feasibility of this proposed ruling. EPIC filed comments with the Commission earlier this year asserting that Internet telephony should not be subject to CALEA. EPIC opposes the extension of CALEA to such services on the ground that it impermissibly seeks to extend the narrow, legislatively authorized reach of the requirements of the law. Any such expansion of CALEA's reach, should it be deemed necessary, must be effectuated by Congress rather than the Commission. This is particularly the case in light of the unique privacy issues that arise when surveillance capabilities are mandated for packet-mode communications. Further, the law enforcement agencies petitioning the Commission have not demonstrated that the existing CALEA regime is in any way inadequate to address their needs. The Commission has also ruled that marketers cannot send commercial e-mail to wireless devices without the explicit consent of the consumer. The Commission adopted a general prohibition on sending commercial messages to wireless devices (to any address referencing an Internet domain associated with wireless subscriber messaging services). The ruling is consistent with comments filed by EPIC in April arguing that marketers cannot send commercial e-mail to wireless devices without the explicit consent of the consumer. These new rules will be enforced under the CAN-SPAM Act, legislation enacted last year which has so far proved an ineffective protection against spam. It has done little to decrease the amount of spam sent by bulk e-mailers, despite cases having been filed against alleged spammers by Microsoft, Earthlink, AOL and Yahoo. Under CAN-SPAM, only governments and Internet Service Providers are able to use the law, which makes lawsuits brought by private organizations ineffective. To combat the problem of spam, EPIC favors "opt-in" mailing lists, a private right of action for consumers, and freedom for states to pursue spammers, combined with technical measures and international cooperation. FCC's rulemaking on CALEA: http://www.epic.org/redirect/fcc_calea.html FCC news release on wireless spam: http://www.epic.org/redirect/fcc_spam.html EPIC's CALEA comments: http://www.epic.org/privacy/wiretap/calea/caleacomment4.12.04.pdf EPIC's wireless spam comments: http://www.epic.org/privacy/telemarketing/wsspamcomm4.30.04.html ====================================================================== [3] Federal Appeals Court Upholds Compelled DNA Production ====================================================================== In a close 6-5 decision, the Ninth Circuit Court of Appeals has determined that a parolee can be forced to provide a DNA sample for the FBI's vast national DNA database, even when there is no suspicion that he has committed a crime in addition to the one for which he has served his time. In this case, Thomas Cameron Kincade argued that the DNA Analysis Backlog Elimination Act of 2000 violates Fourth Amendment guarantees against unreasonable search and seizure. The DNA Act requires certain felons and parolees to submit a sample of their DNA to the government. The DNA Act does not require suspicion that an individual will commit or has committed another offense, nor that the sample be taken in order to aid in the investigation of a particular crime. Refusal to provide a DNA sample is a misdemeanor. Once the sample is taken and analyzed, a DNA profile is created and added to the Combined DNA Index System (CODIS) and made available to law enforcement by the FBI. In March, EPIC filed a "friend of the court" brief in support of Mr. Kincade, arguing that DNA contains far more information than a fingerprint and that, in the absence of privacy safeguards, a DNA sample collected for one purpose could be used in the future for unrelated purposes. In determining that the Fourth Amendment allows compelled DNA profiling of parolees who are not suspected of having committed an additional crime, Judge O'Scannlain's majority opinion noted that parolees are not entitled to the full extent of constitutional protections enjoyed by the public. The court concluded that the public interest served by collecting parolees' DNA outweighed parolees' "substantially diminished expectations of privacy" and "the minimal intrusion occasioned by blood sampling." A concurring opinion by Judge Gould emphasized that the court had not determined the rights of an individual "who has fully paid his or her debt to society, who has completely served his or her term, and who has left the penal system . . . . Once those previously on supervised release have wholly cleared their debt to society, the question must be raised: 'Should the CODIS entry be erased?'" Judge Gould noted that this question would have to be addressed in a future case. Judge Reinhardt's lengthy dissent (joined by Judge Pregerson, Judge Kozinski, and Judge Wardlaw) chastised the majority's holding, stating, "Never has the [Supreme] Court approved of the government's construction of a permanent governmental database built from general suspicionless searches and designed for use in the investigation and prosecution of criminal offenses." Judge Reinhardt went on to caution, "Privacy erodes first at the margins, but once eliminated, its protections are lost for good, and the resulting damage is rarely, if ever, undone. Today, the court has opted for comprehensive DNA profiling of the least protected among us, and in so doing, has jeopardized us all." For more information about the case, see EPIC's United States v. Kincade Page: http://www.epic.org/privacy/kincade EPIC's amicus brief: http://www.epic.org/privacy/genetic/kincade_amicus.pdf For more information about genetic privacy, see EPIC's Genetic Privacy Page: http://www.epic.org/privacy/genetic ====================================================================== [4] EPIC Files Amicus Brief Arguing Against Secret Law ====================================================================== EPIC has filed a "friend of the court" brief in Gilmore v. Ashcroft, a case before the Ninth Circuit Court of Appeals challenging the government's unpublished law or regulation requiring passengers to present identification to fly on commercial airlines. John Gilmore argues that the requirement violates numerous constitutional protections, including the rights to travel, petition and freely assemble, be free from unreasonable search and seizure, and have access to due process of law. Mr. Gilmore is challenging the dismissal of his case in March by a federal district court. In that proceeding, the government not only refused to provide the court with the text of the law or regulation requiring airline passengers to show identification, but declined even to acknowledge whether the requirement exists. Furthermore, the district court judge accepted the government's assurance that the court did not have jurisdiction to review the law or regulation, failing to independently determine the legal basis for that claim. In its amicus brief, EPIC argued that the district court's failure to examine the government's authority to enforce the law or regulation allows the government to impose secret law upon the public, thus avoiding meaningful review by courts as required by the Constitution. "Compelled identification stemming from secret law violates due process safeguards because it is inherently vague and provides no means for ordinary people or reviewing courts to meaningfully determine which procedures are legal or proper," EPIC wrote. The brief urged the Ninth Circuit to send the case back to the district court to determine whether the government's identification requirement is lawful. Gilmore v. Ashcroft web site: http://www.gilmorevsashcroft.com EPIC's amicus brief: http://www.epic.org/privacy/airtravel/gilmore_amicus.pdf For more information about travel privacy, see EPIC's Passenger Profiling Page: http://www.epic.org/privacy/airtravel/profiling ====================================================================== [5] EPIC Urges Privacy Protections for Auto Black Boxes ====================================================================== In formal comments, EPIC urged the National Highway Transportation Security Administration (NHTSA) to create privacy protections for "Event Data Recorders," (EDRs) black boxes in vehicles that record crash data. The comments were made in response to a federal rulemaking calling for standardization of EDR data. EPIC argued that with standardization of data collection, the agency has a duty to create meaningful privacy protections. The agency's current plan to protect privacy by putting a short disclosure in the owner's manual falls fall short of this duty. EPIC argued that EDRs present serious privacy issues that have been developing incrementally. Just two months ago, NHTSA claimed that it did not intend to require manufacturers to install EDRs. Earlier this month, however, the National Transportation Safety Board called for mandatory EDR installation following the investigation of the 2003 accident involving an elderly driver that resulted in ten deaths. Auto insurers are now offering plans in which EDR-like devices routinely monitor drivers. And there is the growing risk associated with EDRs connected to communications systems, as they can become platforms for commercial or law enforcement monitoring (see EPIC Alert 10.24). EPIC argued that requiring EDR installation together with standardizing the EDR data format would create a vast government-mandated data collection regime that demands privacy protection. Specifically, EPIC recommended that the car owner be explicitly recognized as the owner of the EDR data and that affirmative consent be obtained before the data is accessed. With respect to EDRs that can access communications systems, similar to OnStar or ATX, EPIC recommended that the device not initiate communication unless an accident is detected or if the driver uses a manual feature to initiate communications for purposes of transmitting driving data. EPIC comments on EDR data standardization: http://www.epic.org/privacy/drivers/edr_comm81304.html NHTSA request for comment: http://www.epic.org/redirect/edr_req.html ====================================================================== [6] News in Brief ====================================================================== COALITION OBJECTS TO CENSUS DATA SHARING WITH HOMELAND SECURITY EPIC joined a coalition of more than 20 civil liberties organizations in sending a letter to the Department of Homeland Security, asking the law enforcement agency to explain its acquisition and use of statistical census data on Arab Americans. The coalition also called for a formal documented investigation and Congressional hearings into the matter. The letter was written in response to heavily redacted documents obtained by EPIC through the Freedom of Information Act revealing that the Census Bureau gave the Department of Homeland Security Customs and Border Protection statistical information on people who identified themselves on the 2000 census as being of Arab ancestry. The coalition letter states that the provision of census data to the Department of Homeland Security was "a violation of the public's trust in the census bureau, and a troubling reminder of one of our nation's darkest days when the sharing of similar information resulted in the internment of Japanese Americans during World War II." The letter also questions the Department of Homeland Security's claim that the census information was used only to determine language for airport signage, calling the explanation "inconsistent with reality." The coalition notes that neither the Census Bureau nor Department of Homeland Security has shown that similar information concerning people of other ethnicities was requested for airport signage purposes. Coalition letter: http://www.aaiusa.org/pr/release08-13-04.htm FOIA documents obtained by EPIC from the Census Bureau: http://www.epic.org/privacy/census/foia For more information about privacy of census information, see EPIC's Census Privacy Page: http://www.epic.org/privacy/census COURT RULES CLASSIFIED CONTRACT SUBJECT TO FOIA U.S. District Judge Kollar-Kotelly has ruled that documents relating to a classified contract between the Federal Bureau of Investigation and ChoicePoint, a commercial data broker, is subject to the Freedom of Information Act. Documents already released indicate that the contract concerns a secret, sole-source agreement between ChoicePoint and the government. The documents are heavily redacted, but one discusses the following agreement: "The Criminal Investigative Division (CID) [redacted] has a requirement to conduct a feasibility study for a prototype methodology to meet the requirements of the Federal Bureau of Investigation's (FBI), [redacted] Program." ChoicePoint employees with access to the FBI facility housing the prototype had to have secret-level security clearances. All of the over 1,500 pages of documents obtained by EPIC on ChoicePoint are online, and EPIC Associate Director Chris Hoofnagle recently published a law journal article analyzing the documents. District court order: http://www.epic.org/privacy/choicepoint/memop82304.pdf Documents discussing the secret ChoicePoint prototype: http://www.epic.org/privacy/choicepoint/cpfbi1.31.02a.pdf For more information about the case, see the EPIC ChoicePoint Page: http://www.epic.org/privacy/choicepoint GROUPS COMMENT ON POSTAL DATABASE SYSTEM EPIC and Privacy Rights Clearinghouse filed comments suggesting privacy improvements to a proposed Postal Service system that uses commercial databases to improve delivery rates. The Postal Service's "Distribution Quality Improvement" program will use a commercially available name and address database to improve processing of inaccurate, incomplete, or illegible mailpieces. Information available on the mailpiece will be matched against the database for names and address matches, and where a match if found, the Postal Service will spray an accurate delivery barcode onto the mailpiece. The Postal Service carefully designed the system with privacy and security in mind. However, EPIC and Privacy Rights Clearinghouse did suggest that the commercial data provider voluntarily abide by a series of Fair Information Practices in all of their business functions. The groups argued that the Postal Service has a unique opportunity to promote best practices in the commercial database field by choosing a vendor that promises to protect privacy. The groups also commented that many Americans would benefit from more control over the distribution of junk mail. Noting that standard techniques to avoid junk mail are limited in effectiveness, and the recent success of the telemarketing Do-Not-Call Registry, the Postal Service was urged to explore a Do-Not-Mail Registry to block saturation mailings and individually addressed commercial solicitations. Comments to the U.S. Postal Service on Distribution Quality Improvement: http://www.epic.org/privacy/postal/dqi_comment.html U.S. Postal Service request for comment on Distribution Quality Improvement: http://www.epic.org/redirect/usps_req.html For more information about mail privacy, see the EPIC Postal Privacy Page: http://www.epic.org/privacy/postal ARMY DEEMS PASSENGER DATA USE LEGAL An Army Inspector General report obtained through the Freedom of Information Act by journalist Ryan Singel has concluded that neither the Defense Department nor defense contractor Torch Concepts violated the Privacy Act by using of millions of JetBlue Airways passenger records to conduct a military data mining project without the passengers' knowledge or consent. The Inspector General's determination was based upon the Privacy Act's protection only of "systems of records," defined as groups of "any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual." According to the report, Torch Concepts did not run afoul of the Privacy Act because it did not use names or other specific identifiers to access passenger information in databases. Likewise, the Inspector General found that Torch Concepts' disclosure of some passengers' addresses, Social Security Numbers, and dates of birth during a presentation at a conference did not violate the Privacy Act because the information was not derived from a "system of records." The disclosure did, however, violate Torch Concepts' contract to perform the data mining work. The Army Inspector General's report: http://www.epic.org/privacy/airtravel/army_ig_report.pdf For more information about air travel data privacy, see EPIC's Passenger Profiling Page: http://www.epic.org/privacy/airtravel/profiling GOOGLE FOUNDERS DISCUSS GMAIL PRIVACY IN INTERVIEW Google founders Larry Page and Sergey Brin discussed Gmail, an advertising-supported web mail system that engages in "content extraction" in order to target ads to subscribers, in an interview with Playboy Magazine. Page and Brin clumsily avoided pointed questions raised by Playboy regarding the privacy implications of the system. A portion of the interview is reproduced below. "PLAYBOY: The Electronic Privacy Information Center equates such monitoring with a telephone operator listening to your conversations and pitching ads while you talk. "BRIN: That's what Hotmail and Yahoo do, don't forget. They have big ads that interfere with your ability to use your mail. Our ads are more discreet and off to the side. Yes, the ads are related to what you are looking at, but that can make them more useful. "PAGE: During Gmail tests, people bought lots of things using the ads. "BRIN: Today I got a message from a friend saying I should prepare a toast for another friend's birthday party. Off to the side were two websites I could go to that help prepare speeches. I like to make up my own speeches, but it's a useful link if I want to take advantage of it. "PLAYBOY: Even that sounds ominous. We may not want anyone -- or any machine -- knowing we're giving a speech at a friend's birthday party. "BRIN: Any web mail service will scan your e-mail. It scans it in order to show it to you; it scans it for spam. All I can say is that we are very up-front about it. That's an important principle of ours." Full Playboy interview: http://www.secinfo.com/d14D5a.148c8.htm#_toc59330_25b For more information about Gmail, see the EPIC Gmail FAQ: http://www.epic.org/privacy/gmail/faq ====================================================================== [7] EPIC Bookstore: Whistleblowing Around the World ====================================================================== Whistleblowing Around the World: Law, Culture, and Practice, Richard Calland and Guy Dehn eds. (Open Democracy Advice Center and Public Concern at Work 2004). http://www.pcaw.co.uk/policy_pub/book.html In lamenting the restrictions on freedom caused by "petty coercion," Marilynne Robinson recently wrote, "A successful autocracy rests on the universal failure of individual courage. In a democracy, abdications of conscience are never trivial. The demoralize politics, debilitate candor, and disrupt thought." It takes a lot of individual courage to be a whistleblower. Those who question corrupt practices are subjected to ridicule, loss of work, and even physical attack. We ought to be more grateful to whistleblowers. In Whistleblowing Around the World, four whistleblowers recount their experiences in exposing to the public both government and private-sector wrongdoing. The book traces the stories of Sherron Watkins, an Enron whistleblower; Victoria Johnson, who exposed corruption in the Cape Town government; Dr. Jiang Yanyong, who publicized the SARS epidemic in China; and Harry Templeton, who challenged the plundering of pension funds. The book analyzes American, British, Japanese and South African policy approaches to whistleblowing. It considers the forces that facilitate and prevent legitimate whistleblowing in different cultures. It discusses the roles of employers, the state, the media, the law and civil society and offers advice to practitioners, policymakers, and activists. - Chris Jay Hoofnagle ================================ EPIC Publications: "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, as well as recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2003: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price: $40. http://www.epic.org/bookstore/pls2003 The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "FOIA 2002: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Mark Zaid, editors (EPIC 2002). Price: $40. http://www.epic.org/bookstore/foia2002 This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 21st edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "Privacy & Human Rights 2003: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $35. http://www.epic.org/bookstore/phr2003 This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty-five countries around the world. The survey examines a wide range of privacy issues including data protection, passenger profiling, genetic databases, video surveillance, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/bookstore/crypto00& EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ====================================================================== [8] Upcoming Conferences and Events ====================================================================== Ninth National HIPAA Summit. September 12-14, 2004. Baltimore, MD. For more information: http://www.HIPAASummit.com. Public Voice Symposium: Privacy in a New Era: Challenges, Opportunities and Partnerships. Electronic Privacy Information Center, European Digital Rights Initiative (EDRi), and Privacy International. September 13, 2004. Wroclaw, Poland. For more information: http://www.thepublicvoice.org/events/wroclaw04/default.html. The Right to Personal Data Protection -- the Right to Dignity. 26th International Conference on Data Protection and Privacy Commissioners. September 14-16, 2004. Wroclaw, Poland. For more information: http://26konferencja.giodo.gov.pl. Health Privacy Seminar. Riley Information Services. September 17, 2004. Ottawa, Ontario. For more information: http://www.rileyis.com/seminars/index.html. Protection of Children Online and Review of the Safe Harbour Agreement. British Institute of International and Comparative Law 2004 Data Protection Research and Policy Group Series. September 22, 2004. London, UK. For more information: http:www.biicl.org. Online Privacy: Choice of Law. British Institute of International and Comparative Law Data Protection Research and Policy Group. September 23, 2004. London, UK. For more information: http:www.biicl.org. Nethead/Bellhead: The FCC Takes on the Internet. Cardozo Law School Florsheimer Center for Constitutional Democracy and the Yale Law School Information Society Project. September 28, 2004. New York, NY. For more information: http://www.cardozobellhead.net. IAPP Privacy and National Security Forum. International Association of Privacy Professionals. September 30, 2004. Washington, DC. For more information: http://www.privacyassociation.org/html/conferences.html. The Internet and the Law -- A Global Conversation. Law & Technology Program, University of Ottawa. Ottawa, Ontario. October 1-2, 2004. For more information: http://web5.uottawa.ca/techlaw/symposium.php?idnt=99&v=22. 2004 Telecommunications Policy Research Conference. National Center for Technology & Law, George Mason University School of Law. October 1-3, 2004. Arlington, VA. For more information: http://www.tprc.org/TPRC04/call04.htm. Health Privacy Conference. Office of the Information and Privacy Commissioner of Alberta. October 4-5, 2004. Calgary, Alberta, Canada. For more information: http://www.oipc.ab.ca/home/DetailsPage.cfm?ID=1453. IAPP Entertainment and Privacy Forum. International Association of Privacy Professionals. October 7, 2004. Los Angeles, CA. For more information: http://www.privacyassociation.org/html/conferences.html. Privacy and Identity: The Promise and the Perils of a Technological Age. DePaul University Center for Intellectual Property Law and Information Technology and School of Computer Science, Telecommunications and Information Systems. October 14-15, 2004. Chicago, IL. For more information: http://facweb.cs.depaul.edu/research/vc/CIPLIT2004. 2004 Big Brother Awards Switzerland. October 16, 2004. Lucerne, Switzerland. For more information: http://www.bigbrotherawards.ch. DRM 2004: The Fourth ACM Workshop on Digital Rights Management. Association for Computing Machinery Special Interest Group on Security, Audit and Control. October 25, 2004. Washington, DC. For more info: http://mollie.engr.uconn.edu/DRM2004. 2004 Big Brother Awards Austria. October 26, 2004. Vienna, Austria. For more information: http://www.bigbrotherawards.at. Private and Private International Law Issues Raised by Electronic Commerce. The Hague Conference on Private International Law, the Netherlands Government and the International Chamber of Commerce. October 26-27, 2004. The Hague, Netherlands. For more information: http://www.hcch.net/doc/e-comm_infoe.pdf. IAPP Privacy and Data Security Academy & Expo. International Association of Privacy Professionals. October 27-29, 2004. New Orleans, LA. For more information: http://www.privacyassociation.org/html/conferences.html. Privacy and Security: Seeking the Middle Path. Office of the Information & Privacy Commissioner of Ontario; Centre for Innovation Law and Policy, University of Toronto; and Center for Applied Cryptographic Research, University of Waterloo. Toronto, Ontario, Canada. October 28-29, 2004. For more information: http://www.epic.org/redirect/uwaterloo_conf.html. 2004 Big Brother Awards Germany. October 29, 2004. Bielefeld, Germany. For more information: http://www.bigbrotherawards.de. The 2004 Isaac Pitblado Lectures: Privacy -- Another Snail in the Ginger Beer. The Law Society of Manitoba, The Manitoba Bar Association and the University of Manitoba Faculty of Law. November 19-20, 2004. Manitoba, Canada. For more information: http://www.lawsociety.mb.ca/shopping/default.asp. National Security, Law Enforcement and Data Protection. British Institute of International and Comparative Law Data Protection Research and Policy Group. December 8, 2004. London, UK. For more information: http:www.biicl.org. CFP2005: Fifteenth Annual Conference on Computers, Freedom and Privacy. April 12-15, 2005. Seattle, WA. For more information: http://www.cfp2005.org. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 11.16 ---------------------- .