======================================================================= E P I C A l e r t ======================================================================= Volume 11.18 September 24, 2004 ----------------------------------------------------------------------- Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_11.18.html ====================================================================== Table of Contents ====================================================================== [1] Poland Conference Examines Privacy in a New Era [2] Gov't Details Secure Flight; Documents Show CAPPS II Mission Creep [3] Wireless Privacy Bill Moves Forward in Senate [4] EPIC Challenges Dismissal of Privacy Claim Against Northwest [5] EPIC Testifies on Voting and Privacy [6] News in Brief [7] EPIC Bookstore: Litigation Under the Federal Open Government Laws [8] Upcoming Conferences and Events ====================================================================== [1] Poland Conference Examines Privacy in a New Era ====================================================================== The Public Voice hosted "Privacy in a New Era: Challenges, Opportunities, and Partnerships" on September 13 in Wroclaw, Poland. The conference provided an opportunity for civil society leaders and academic experts to meet with European data protection authorities and explore emerging challenges to the protection of personal privacy. The conference was held in conjunction with the annual meeting of the International Data Protection and Privacy Commissioners. The event was organized by EPIC, Privacy International, and the European Digital Rights Initiative. Conference participants came from fifteen countries, seven of which are New European Union Member States. Several privacy commissioners participated in the conference, including Peter Hustinx, European Data Protection Supervisor; Dr. Ewa Kulesza, Inspector General for Personal Data Protection in Poland; Karel Neuwirt, Data Protection Commissioner for the Czech Republic; Jennifer Stoddart, Privacy Commissioner for Canada; David Loukidales, Privacy Commissioner for British Columbia, Canada; Raymond Tang, Privacy Commissioner for Hong Kong; and Frank Work, Information and Privacy Commissioner for Alberta, Canada. Karel Neuwirt, Data Protection Commissioner for the Czech Republic, spoke about the development of privacy protection, the relevant international instruments, and the establishment of the data protection authority in the Czech Republic. Mr. Neuwirt emphasized the educative role of his office. "Education is an effective tool of enforcement for data protection principles," he said. Gus Hosein of Privacy International discussed the relationship between civil society groups and data protection authorities. Hosein pointed to several successful collaborations as well as important efforts that data protection authorities have taken to safeguard privacy, and recommended that civil society organizations acknowledge these efforts. At the same time, he said, data protection authorities must pursue more campaigns to maintain public support. Professor Arwid Mednis of the University of Wroclaw explored the legal basis of the right to privacy, with a particular emphasis on the development of privacy standards within the Council of Europe and the European Union. Professor Mednis looked in particular at recent developments in privacy law and some of the new challenges resulting from efforts to combat computer crime and to fight terrorism. Bogdan Manolea described how he established the Association for the Best Use of Electronic Services (ABUSE), the first association of information service providers in Romania. He examined the roots of privacy and the current threats to privacy, including the establishment of the Integrated Informational System, a centralized database which may become the electronic arm of the Romanian Intelligence Service. Manolea suggested several strategies for effective privacy protection, including the creation of an independent privacy office, awareness campaigns, and concrete programs in cooperation with civil society organizations. Ivan Székely of the Open Society Archives at Central European University in Hungary candidly assessed the work of civil society groups in the data protection field. He discussed the need to distinguish real civil society organizations from front groups, as well as the complimentary roles of expert privacy groups and radical privacy groups. He made recommendations about how to develop effective public education campaigns, including the need to develop phrases and themes that speak to a broad public. Conference web site: http://www.thepublicvoice.org/events/wroclaw04 The Public Voice: http://www.thepublicvoice.org Privacy International: http://www.privacyinternational.org European Digital Rights Initiative: http://www.edri.org ====================================================================== [2] Gov't Details Secure Flight; Documents Show CAPPS II Mission Creep ====================================================================== The Transportation Security Administration has released more information about Secure Flight, the government's new passenger prescreening initiative which is being developed to replace the controversial second generation Computer Assisted Passenger Prescreening System (CAPPS II). CAPPS II was dropped just months ago due to unresolvable concerns about the program's effectiveness and implications for individual privacy. As described by the TSA, Secure Flight will compare Passenger Name Records (PNRs) against information compiled by the Terrorist Screening Center, which will include expanded "selectee" and "no fly" lists. TSA will also seek to identify "suspicious indicators associated with travel behavior" in passengers' itinerary PNR data. Furthermore, the agency is planning to test the use of commercial databases to verify the accuracy of information provided by travelers. TSA will administer the program, removing all passenger screening responsibility from the airlines. The agency has issued a proposed order that directs airlines to turn over passenger records from June 2004 so that Secure Flight can be tested this fall. Like its predecessor, Secure Flight has been exempted from crucial provisions of the Privacy Act, which will severely limit the rights individuals typically would have in the personal information the government maintains about them. For instance, Secure Flight may collect and use personal information irrelevant and unnecessary for aviation security. Furthermore, passengers will have no judicially enforceable rights to access and correct the personal information maintained about them for the program. TSA assures the public, however, that "upon completion of the testing phase, and before Secure Flight is operational, TSA will establish comprehensive passenger redress procedures and personal data and civil liberties protections for the Secure Flight program." No details about these protections are available, nor information about how long TSA will keep PNR data that it collects for Secure Flight, even though the agency intends to launch the program early next year. In related news, EPIC's Freedom of Information Act litigation with the TSA has revealed three heavily redacted draft privacy impact assessments the agency performed last year for CAPPS II. The drafts, dated April 17, 2003, July 29, 2003, and July 30 2003, reflect a dramatic expansion over just three and a half months in the ways passenger information collected for the program would have been shared. Privacy Act notice for Secure Flight: http://www.epic.org/privacy/airtravel/sf_sorn__9.21.04.pdf Secure Flight privacy impact assessment: http://www.epic.org/privacy/airtravel/sf_pia__9.21.04.pdf Proposed order directing airlines to turn over June 2004 passenger records: http://www.epic.org/privacy/airtravel/sf_pra_9.21.04.pdf Privacy impact assessments obtained through the FOIA showing CAPPS II mission creep: http://www.epic.org/privacy/airtravel/foia/4-17-03.pdf http://www.epic.org/privacy/airtravel/foia/7-29-03.pdf http://www.epic.org/privacy/airtravel/foia/7-30-03.pdf ====================================================================== [3] Wireless Privacy Bill Moves Forward in Senate ====================================================================== The Senate Commerce Committee has approved S. 1963, the Wireless 411 Privacy Act. Authored by Senators Specter (R-PA) and Boxer (D-CA), the legislation would require wireless carriers to obtain consent before listing current subscribers a wireless directory, but new subscribers could be listed on an opt-out basis. The bill prohibits charging for listing or for revoking a listing. Representatives Pitts (R-PA) and Markey (D-MA) have introduced companion legislation in the House as H.R. 3558. Earlier in the week, EPIC Executive Director Marc Rotenberg testified before the Committee on the need to create privacy protections for a wireless phone number directory being created by Qsent for wireless providers, AT&T, Sprint, Cingular, T-Mobile, Nextel, and ALLTEL. While giving individuals a convenient way to find wireless phone numbers, such a directory may subject users to unwanted telemarketing, spam, viruses, junk faxes, and harassing calls. EPIC made the case that opt-in and other legislative protections are needed because many profitable and reputable companies have promised strong privacy safeguards only to renege with the adoption of new business models. Furthermore, although the wireless industry's trade group, CTIA, has promised that the system will be opt-in, their representations are illusory because the carriers themselves will set the privacy practices for the wireless directory. Carriers would be free to adopt opt-out standards, and thus far, the participating carriers have been reticent and were unwilling to testify before the Committee. Not so with Verizon Wireless. In its testimony, the company strongly opposed the creation of a wireless directory, calling it a "dumb idea" and claiming that opt-in is not enough to protect subscribers' privacy rights. It pledged not to participate in the wireless directory, noting that those who wish to be listed can do so free online, and for a small charge in print directories. Qsent, the company tasked to architect the wireless directory, testified that consumers will get to choose to be listed, but stopped short of using the term "opt-in." The company claimed that wireless numbers will only be distributed to those who call "411," and that it will never appear in print or electronic form, nor will it be available on the Internet. The company also promised security safeguards for the wireless directory. However, it is unclear what recourse exists if there is accidental disclosure or security breach. In the wireline context, the disclosure of an unpublished or unlisted number usually results in the carrier issuing a new phone number to affected subscribers. It is unclear whether wireless users will enjoy that benefit. California is on the cusp of creating the strongest protections for wireless directory information. California AB 1733 creates opt-in requirements for wireless directory listing and for the sale of wireless telephone numbers. Individuals can revoke their consent to listing at any time, and carriers could not charge consumers for listing or for revoking a listing. AB 1733 also allows individuals to bring suit against those who deliberately violate the protections. The bill passed the Senate and Assembly and is awaiting Governor Schwarzenegger's signature. EPIC testimony on Wireless Directory Privacy: http://www.epic.org/privacy/wireless/dirtest_904.html Wireless 411 Privacy Act: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:s.1963: California AB 1733: http://www.epic.org/redirect/ab1733.html ====================================================================== [4] EPIC Challenges Dismissal of Privacy Claim Against Northwest ====================================================================== In a petition for review filed this week, EPIC urged the Department of Transportation to reverse its recent decision that Northwest Airlines did not break the law when it disclosed millions of passenger records to NASA. EPIC charged that Northwest Airlines commited an unfair and deceptive trade practice by giving passengers' personal information to the agency in direct violation of its privacy policy. EPIC's petition argued that Northwest's Internet privacy policy assured its customers that their sensitive personal information would remain protected unless the airline had a legal obligation to share the data with the government. The policy promised customers: "As a User of nwa.com Reservations you are in complete control of your travel planning needs. This includes controlling the use of information you provide to Northwest Airlines, its airline affiliates, and WorldPerks partners." According to EPIC's appeal, Northwest violated that agreement when it voluntarily released passenger records to NASA for use in a now-defunct data mining study. In an order dated September 10, the Department of Transportation initially dismissed the complaint. The Department, which has publicly stated that it "encourages self-regulation as the least intrusive and most efficient means of ensuring the privacy of information provided by consumers to airlines," proclaimed that in this case "Northwest has not violated its privacy policy, and . . . if it did, such a violation does not warrant the initiation of enforcement proceedings." In its petition filed September 20, EPIC asserted that that the government blatantly ignored the established test for deceptive trade practices in declining to find that Northwest violated its privacy policy. The petition asks the Department to reverse its dismissal, apply the proper legal standard to the Northwest violation, and enforce the airline's privacy policy. EPIC's petition for review of the Department of Transportation's order: http://www.epic.org/privacy/airtravel/nasa/nwa_petition.pdf The Department of Transportation's order dismissing EPIC's complaint against Northwest: http://www.epic.org/privacy/airtravel/nasa/dot_order.pdf For more information, see EPIC's Northwest disclosure page: http://www.epic.org/privacy/airtravel/nasa ====================================================================== [5] EPIC Testifies on Voting and Privacy ====================================================================== EPIC Senior Policy Analyst Lillie Coney testified before the Election Assistance Commission's Technical Guidelines Development Committee on September 22 on the importance of voter privacy. Coney noted that the delicate balance between the state's right to ensure that intimidation and election fraud are not present in public elections and the voter's right to privacy have resulted in the development of the secret ballot and restricted zones around voting compartments. Because of the documented history of voter intimidation, coercion, and fraud associated with third party knowledge of how individual voters cast their ballots, it is important not to underestimate the importance of voter privacy. However, attempts to address fraud have led to voter intimidation and stringent measures to screen out illegal voters, which result in legitimate voters being denied their right to vote. Coney noted that elections systems rely on voluntary participation of poll workers and voters. The major challenge of election systems is to create ease of use in a process that is done very infrequently. At most the greatest voter participation is seen during presidential election years, which occur once every four years. Recent reports of poll workers struggling to deal with malfunctioning voting technology is not new to paperless DRE voting machines. In the Florida 2000 presidential election poll workers did not take malfunctioning punchcard voting machines out of service. It was reported that 20 [punchcard voting] machines in two Miami-Dade County precincts with the highest rate of discarded punchcard ballots did not show votes for at least some candidates during a test-vote minutes before polls opened on November 7. Poll workers provide the human judgment used in a gatekeeper function to determine who may vote in public elections. There is very little if any due process accorded to voters who are judged to be invalid. Unfortunately, the experience for voters who are in the "out group" -- minorities, new citizens, language minorities, and disabled voters -- are most at risk of being disenfranchised. Those voters not identified with by poll workers often find the hurdles to voting are much higher and problematic. For example, in the State of Florida voters erroneously included on a list of felons, who are prevented by state law to vote, were predominately minority. The subjective nature of the polling operation meant that some poll workers were able to recognize the errors on the list and allowed voters to vote, while others could or would not allow these individuals to vote. As little as possible should rely upon the subjective judgment of poll workers, as gatekeepers to the ballot box, but the focus should be on facilitating participation in the election process. According to the CalTech MIT Study "Voting: What Is What Could Be," between 4 and 6 million votes were lost in the 2000 election. The study attributed the loss to problems with voter registration or polling place practices and problems with ballots. In response to this situation, the Help America Vote Act became law. This legislation made it a priority to making voting more accessible for all voters, especially those with disabilities or who were language minorities. Although the law requires only one accessible voting machine per polling location, many states have interpreted that to mean touchscreen direct recording electronic (DRE) voting machines and have adopted the technology universally for all voters and voting locations used on Election Day. The greatest privacy benefits of DRE voting machines accrue to those who are visually disabled, language minorities, or have literacy challenges. Critics of paperless DRE voting technology acknowledge the apparent usability benefits to some voters, but point to a critical vulnerability in their design. Another privacy concern is presented by the implementation of the voter interface, which on some machines is done at nearly a 75-80-degree angle to the horizontal. Current machine set up in polling locations requires that the machines be in full view of the poll workers. This is done in such a manner that the display screen is exposed to those present in the polling location, including other voters. If the restricted space around DRE voting machines is too small, this would also threaten voter privacy. The hearing was an opportunity for the committee charged with making recommendations on voluntary standards for election systems and voting technology. The committee is expected to make its recommendations to the full Election Assistance Commission board sometime next summer for adoption and implementation in 2006. EPIC's testimony on voting and privacy: http://www.epic.org/privacy/voting/Voting_Statement.pdf National Committee for Voting Integrity: http://www.votingintegrity.org For more information about electronic voting, see EPIC's Voting Page: http://www.epic.org/privacy/voting ====================================================================== [6] News in Brief ====================================================================== EPIC FILES SUIT AGAINST CENSUS, HOMELAND SECURITY EPIC has filed suit against two federal agencies for failing to respond to Freedom of Information Act appeals regarding law enforcement requests for completed census questionnaires or other census data. The Census Bureau responded to EPIC's initial Freedom of Information request with, among other things, a series of emails between Census and the Department of Homeland Security's Customs and Border Protection concerning special tabulations that Census eventually created for Customs concerning people of Arab ancestry. However, at Customs' request, all but one of its communications to Census were blacked out. The disclosure also did not indicate whether any other relevant communications were located but withheld. EPIC appealed the decision to withhold this information to both Census and Customs, and was forced to file suit when it did not receive a determination from either agency within the time frame required by law. EPIC's complaint: http://www.epic.org/privacy/census/foia/complaint.pdf For more information about the documents obtained by EPIC from the Census Bureau, see EPIC's Census FOIA page: http://www.epic.org/privacy/census/foia COURT SAYS GOVERNMENT MUST MAKE ID ARGUMENTS PUBLICLY The Ninth Circuit Court of Appeals rejected the Department of Justice's request to seal from public view its arguments supporting an unpublished federal regulation requiring passengers to show identification before boarding airplanes. The Justice Department filed a motion requesting the court to reconsider, and informed the court that while it intends to file its brief in Gilmore v. Ashcroft by its September 29 deadline, the brief will not contain the information it wishes to keep secret, including whether the federal regulation even exists. The agency sought to make its argument in front of a closed court without appellant John Gilmore or his counsel present. EPIC has filed an amicus brief in the case, arguing that meaningful judicial review is necessary to prevent the government from imposing a secret, vague law upon the public in violation of constitutional due process rights. Gilmore v. Ashcroft web site: http://www.gilmorevashcroft.com EPIC's amicus brief in Gilmore v. Ashcroft: http://www.epic.org/privacy/airtravel/gilmore_amicus.pdf For more information about air travel privacy, see EPIC's Passenger Profiling page: http://www.epic.org/privacy/airtravel/profiling SPYWARE PRIVACY BILL ADVANCES IN SENATE The Senate Commerce Committee has unanimously approved the Software Principles Yielding Better Levels of Consumer Knowledge (SPY BLOCK) Act, an anti-spyware bill which would prohibit the surreptitious installation of software on computers. If approved by the full Senate, the legislation will not allow software vendors to use misleading means to induce consumers to install software, prohibit software that prevents reasonable efforts to uninstall or disable it, and outlaw installing software that automatically collects and transmits information about the user without permission. In June, the House Energy and Commerce Committee passed a similar anti-spyware bill entitled the Securely Protect Yourself Against Cyber Trespass Act (SPY Act). Software Principles Yielding Better Levels of Consumer Knowledge Act: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:s.2145: Securely Protect Yourself Against Cyber Trespass Act: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.2929: HOUSE PASSES BILL TO CRIMINALIZE INACCURATE DOMAIN REGISTRATIONS The House of Representatives has passed a bill that imposes fines and prison terms of up to seven years upon individuals who intentionally provide inaccurate personal information to register an Internet domain, and then use that information to commit a felony such as spamming or copyright infringement. The legislation would not penalize individuals who provide false registration information simply to keep their identitities anonymous or protect their information from spammers and criminals. The bill now moves to the full Senate for consideration. Fraudulent Online Identity Sanctions Act: http://thomas.loc.gov/cgi-bin/bdquery/z?d108:h.r.3754: CHICAGO PLANS SYSTEM TO UNIFY 2,000 PUBLIC CAMERAS Chicago will link more than 2,000 cameras located in public places throughout the city in a network intended to spot emergencies and suspicious behavior, Mayor Richard Daley announced earlier this month. Most of the cameras are already installed and in use, with approximately 1,000 located at O'Hare International Airport and others positioned in public locations such as schools and train platforms. The city will install an additional 250 cameras, most of them downtown in areas the city considers high risk. For more information about video surveillance, see Observing Surveillance: http://www.observingsurveillance.org ====================================================================== [7] EPIC Bookstore: Litigation Under the Federal Open Government Laws ====================================================================== JUST PUBLISHED! Litigation Under the Federal Open Government Laws 2004 (EPIC 2004), 572 pages, $40.00. http://www.epic.org/bookstore/foia2004 "Deserves a place in the library of everyone who is involved in, or thinking about, litigation under the Freedom of Information Act." - Steve Aftergood Federation of American Scientists This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. EPIC has published the book jointly with Access Reports and the James Madison Project. This 22nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. The book draws upon the expertise of practicing attorneys who are recognized leaders in the field. This edition includes recent case developments, including an analysis of the Supreme Court's decision in Favish, and an index to key terms. Appendices include the text of the relevant acts and sample pleadings for litigators. Litigation Under the Federal Open Government Laws 2004 adheres to the same high standards as previous editions and is intended as a guide for Freedom of Information requesters and plaintiff litigators. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. Order Litigation Under the Federal Open Government Laws 2004 using EPIC's secure order form: https://bookstore.epic.org ================================ EPIC Publications: "FOIA 2004: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price: $40. http://www.epic.org/bookstore/foia2004 This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 22nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, as well as recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2003: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price: $40. http://www.epic.org/bookstore/pls2003 The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Privacy & Human Rights 2003: An International Survey of Privacy Laws and Developments" (EPIC 2002). Price: $35. http://www.epic.org/bookstore/phr2003 This survey, by EPIC and Privacy International, reviews the state of privacy in over fifty-five countries around the world. The survey examines a wide range of privacy issues including data protection, passenger profiling, genetic databases, video surveillance, ID systems and freedom of information laws. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/bookstore/crypto00& EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ====================================================================== [8] Upcoming Conferences and Events ====================================================================== Nethead/Bellhead: The FCC Takes on the Internet. Cardozo Law School Florsheimer Center for Constitutional Democracy and the Yale Law School Information Society Project. September 28, 2004. New York, NY. For more information: http://www.cardozobellhead.net. IAPP Privacy and National Security Forum. International Association of Privacy Professionals. September 30, 2004. Washington, DC. For more information: http://www.privacyassociation.org/html/conferences.html. The Internet and the Law -- A Global Conversation. Law & Technology Program, University of Ottawa. Ottawa, Ontario. October 1-2, 2004. For more information: http://web5.uottawa.ca/techlaw/symposium.php?idnt=99&v=22. 2004 Telecommunications Policy Research Conference. National Center for Technology & Law, George Mason University School of Law. October 1-3, 2004. Arlington, VA. For more information: http://www.tprc.org/TPRC04/call04.htm. Health Privacy Conference. Office of the Information and Privacy Commissioner of Alberta. October 4-5, 2004. Calgary, Alberta, Canada. For more information: http://www.oipc.ab.ca/home/DetailsPage.cfm?ID=1453. IAPP Entertainment and Privacy Forum. International Association of Privacy Professionals. October 7, 2004. Los Angeles, CA. For more information: http://www.privacyassociation.org/html/conferences.html. Privacy and Identity: The Promise and the Perils of a Technological Age. DePaul University Center for Intellectual Property Law and Information Technology and School of Computer Science, Telecommunications and Information Systems. October 14-15, 2004. Chicago, IL. For more information: http://facweb.cs.depaul.edu/research/vc/CIPLIT2004. 2004 CPSR Annual Conference: Making the Grade?: A Report Card on US Policies for the Information Society. Computer Professionals for Social Responsibility. October 16, 2004. Washington, DC. For more information: http://cpsr.org/conferences/annmtg04. 2004 Big Brother Awards Switzerland. October 16, 2004. Lucerne, Switzerland. For more information: http://www.bigbrotherawards.ch. DRM 2004: The Fourth ACM Workshop on Digital Rights Management. Association for Computing Machinery Special Interest Group on Security, Audit and Control. October 25, 2004. Washington, DC. For more info: http://mollie.engr.uconn.edu/DRM2004. 2004 Big Brother Awards Austria. October 26, 2004. Vienna, Austria. For more information: http://www.bigbrotherawards.at. Private and Private International Law Issues Raised by Electronic Commerce. The Hague Conference on Private International Law, the Netherlands Government and the International Chamber of Commerce. October 26-27, 2004. The Hague, Netherlands. For more information: http://www.hcch.net/doc/e-comm_infoe.pdf. IAPP Privacy and Data Security Academy & Expo. International Association of Privacy Professionals. October 27-29, 2004. New Orleans, LA. For more information: http://www.privacyassociation.org/html/conferences.html. Privacy and Security: Seeking the Middle Path. Office of the Information & Privacy Commissioner of Ontario; Centre for Innovation Law and Policy, University of Toronto; and Center for Applied Cryptographic Research, University of Waterloo. Toronto, Ontario, Canada. October 28-29, 2004. For more information: http://www.epic.org/redirect/uwaterloo_conf.html. 2004 Big Brother Awards Germany. October 29, 2004. Bielefeld, Germany. For more information: http://www.bigbrotherawards.de. The 2004 Isaac Pitblado Lectures: Privacy -- Another Snail in the Ginger Beer. The Law Society of Manitoba, The Manitoba Bar Association and the University of Manitoba Faculty of Law. November 19-20, 2004. Manitoba, Canada. For more information: http://www.lawsociety.mb.ca/shopping/default.asp. National Security, Law Enforcement and Data Protection. British Institute of International and Comparative Law Data Protection Research and Policy Group. December 8, 2004. London, UK. For more information: http:www.biicl.org. Seventh International General Online Research Conference. German Society for Online Research. March 22-23, 2005. Zurich, Switzerland. For more information: http://www.gor.de. CFP2005: Fifteenth Annual Conference on Computers, Freedom and Privacy. April 12-15, 2005. Seattle, WA. For more information: http://www.cfp2005.org. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 11.18 ---------------------- .