EPIC logo

                             E P I C  A l e r t
Volume 12.07                                              April 7, 2005

                             Published by the
                Electronic Privacy Information Center (EPIC)
                             Washington, D.C.


Table of Contents

[1] Congress Holds Hearings to Review USA PATRIOT Act
[2] Commercial Data Brokers Grilled at California Hearing
[3] EPIC Urges Privacy Safeguards for RFID and Copyright Technology
[4] Spotlight: Homeland Security's Access Card Less Than Secure
[5] Education Agency's Student Tracking Proposal Opposed
[6] News in Brief
[7] EPIC Bookstore: Michael Caloyannides's Privacy & Computer Forensics
[8] Upcoming Conferences and Events

[1] Congress Holds Hearings to Review USA PATRIOT Act

This week Congress began reviewing the USA PATRIOT Act, some
controversial provisions of which are slated to sunset at the end of
this year unless Congress moves to reauthorize them. The Senate and
House Judiciary Committees each heard Attorney General Alberto Gonzales
defend the law and argue for renewal of its expiring provisions. The
committees will continue to hold hearings through April and part of May
on issues such as the FBI's wiretap authority and access to business

Senate committee members grilled Gonzales and FBI Director Robert
Mueller on the law's broad definition of terrorism, as well as the
standards the FBI must meet to obtain sneak-and-peek search warrants,
which allow the government to delay notifying the target of an
investigation that a search has happened. The Senate committee's
chairman, Sen. Arlen Specter, pressed Gonzales and Mueller on whether
the standards of proof the government must show in foreign intelligence
investigations should be more stringent. After the hearing, Sens. Larry
Craig and Dick Durbin announced plans to introduce legislation to roll
back parts of the law.

In the House committee hearing, Gonzales was questioned sharply about
its actions in the wake of the 9/11 terrorist attacks, such as secret
immigration hearings. Gonzales conceded that "there were mistakes

Most sunsetting provisions of the USA PATRIOT Act expanded either
federal wiretap law, which governs law enforcement interception of and
access to communications in criminal investigations, or the secretive
Foreign Intelligence Surveillance Act (FISA), which regulates the FBI's
collection of "foreign intelligence" information for intelligence
purposes. One of the most hotly debated provisions of the USA PATRIOT
Act allows the FBI to get a court order to obtain "any tangible things"
relevant to an investigation of foreign intelligence or international
terrorist activities. People served with a warrant under this provision
are not allowed to disclose the existence of the warrant or the fact
that records or items were provided to the government. Documents
obtained by EPIC under the Freedom of Information Act last year showed
that this authority can be used to obtain items such as apartment keys,
and that the FBI can collect information about innocent people under
this provision.

Congress included a sunset provision in the USA PATRIOT Act so that it
would have an opportunity to review the government's more extreme
investigative powers at a less emotionally charged time. However,
little information has been made public on how the FBI is using its
authority under the USA PATRIOT Act. As Sen. Patrick Leahy said in
his statement during the Senate Judiciary Committee's oversight hearing,
"we have heard over and over again that there have been no abuses as a
result of the PATRIOT Act. But it is difficult, if not impossible, to
verify that claim when some of the most controversial surveillance
powers in the PATRIOT Act operate under a cloak of secrecy."

Last month, EPIC submitted a Freedom of Information Act request to the
FBI seeking information about how the agency has used its expanded power
under the expiring provisions of the Act. EPIC argued for expedited
processing, noting the importance of such information to the public and
congressional debate surrounding the renewal of these authorities. EPIC
has also posted a Web page on the sunsetting provisions of the law.

USA PATRIOT Act documents obtained by EPIC under the Freedom of
Information Act are available at:


Statement of Senator Leahy, Senate Judiciary Committee Hearing on
Oversight of the USA PATRIOT Act:


Senate Judiciary Committee hearing "Oversight of the USA PATRIOT Act":


House Judiciary Committee hearing "USA PATRIOT Act: A Review for the
Purpose of Its Reauthorization."


EPIC's FOIA request to the FBI (pdf):


EPIC's USA PATRIOT Sunset page:



[2] Commercial Data Brokers Grilled at California Hearing

California State Sen. Jackie Speier put Choicepoint, LexisNexis, and
Acxiom in the hot seat at a hearing before the State's Senate Banking
Committee. All three companies have had major privacy breaches in the
last two years. Speier, who chairs the committee, asked a series of
hard-hitting questions probing why Choicepoint did not disclose its
data breach sooner and how all the companies' systems were compromised.
Speier also expressed skepticism concerning the data brokers' definition
of "sensitive" information, which the industry defines as Social
Security Numbers and driver's license numbers. When these same
identifiers appear in public records, LexisNexis treats them as
non-sensitive, and sells them to the company's clients. Speier stated
that the identifiers were "indeed sensitive to most people in this
nation...[the commercial data brokers' definition of
"sensitive"]...doesn't reflect reality."

The hearing began with testimony from Elizabeth Rosen, a California
nurse whose information was sold to criminals by Choicepoint. Rosen
explained in detail her frustration with Choicepoint, because the
company would not provide her with her full profile. A portion of her
file that she did receive had errors on almost every page: multiple
incorrect addresses; that she owned companies, including a deli; and
that she maintained a private mailbox at Mailboxes Etc. Senator Alan
Lowenthal asked Choicepoint why the company wouldn't give Rosen the same
information the company had sold to criminals, but the Choicepoint
representative didn't directly answer the question.

EPIC West Director Chris Jay Hoofnagle's testimony before the committee
focused on three issues. First, Mr. Hoofnagle emphasized that the
legislature should approach the commercial data broker issue primarily
as a privacy problem rather than a security issue. Mr. Hoofnagle's
testimony highlighted the Choicepoint subscriber agreement, which
includes categories for a wide range of businesses considered qualified
for access to personal data. They include: attorneys, banking,
financial, retail, wholesale, insurance, human resources, security
companies, process servers, news media, bail bonds, and "other." Even if
Choicepoint and other data brokers sold personal information in a secure
way, the base problem is that the company continues to sell personal
information to this wide array of businesses.

Second, Mr. Hoofnagle highlighted the difference between Choicepoint's
regulated information services, such as employment and tenant screening
services, and the company's unregulated "public records" reports.
Legislative attention should be focused on these unregulated information
products. Mr. Hoofnagle told legislators that Choicepoint plays a "shell
game" with its products--Choicepoint representatives don't always
specify in policy debates whether they are discussing their regulated or
unregulated reports, thus confusing the public and lawmakers.

Finally, Mr. Hoofnagle suggested that California legislators take swift
action to address data brokers by following a framework authored by
George Washington University Law School Professor Daniel Solove and Mr.

Choicepoint apologized for selling personal information to criminals,
and announced a series of reforms. The company will no longer sell
"sensitive" personal information to small businesses. Small businesses
will still be able to buy Choicepoint reports, but it appears that
Social Security Numbers will be truncated in some fashion. The company
will still sell its full reports to big businesses and federal, state,
and local law enforcement agencies (Choicepoint has contracts with 7,000
law enforcement agencies). The company also announced that it is working
on a system to provide access to all of its information products.
However, individuals will not be able to correct their "public records"
reports. Choicepoint also announced that the company could automatically
redact SSNs that appear in public records.

Pam Dixon of the World Privacy Forum previewed a report on commercial
data brokers that reveals a very high error rate in personal information
reports. In her sample, 90% of the reports obtained contained errors;
frequently these errors were serious, such as individuals being
identified by the wrong sex. Dixon also told legislators that companies
are using "anti-fraud" loopholes in privacy law to justify expansive
information use.

EPIC West Testimony on Commercial Data Brokers:


Model Privacy Regime Version 2.0 by Daniel Solove and Chris Hoofnagle:


[3] EPIC Urges Privacy Safeguards for RFID and Copyright Technology

EPIC and other civil liberties groups have filed comments urging the
State Department to abandon its plans to require RFID passports for all
American travelers. The comments state that the proposal is flawed
because the agency lacks legal authority to require RFID travel
documents. The proposal also lacks evidence to support that RFID-enabled
passports are necessary or that their benefits outweigh the
security risks inherent in having the data in a contactless and
unencrypted format. Also, the State Department failed to conduct a
privacy impact assessment of the new technology as mandated by law.

In earlier comments to the working document on RFID technology of the
Article 29 Working Group, an association of leading European privacy
officials, EPIC recommended strong safeguards for RFIDs, and prohibition
of "chipping" people and using unencrypted RFID passports. Furthermore,
strong privacy standards (like EPIC's own RFID Privacy Guidelines)
should be used when RFID tags are placed on consumer products in the
retail environment.

In other comments to the same Working Group on digital rights management
systems (DRM), EPIC and the Yale Law School Information Society Project
focused on the intersection of copyright protection and user's privacy.
(DRM systems track the online use of digital works.) After showing how
DRM designs invade the privacy of digital media users, the comments
recommended strict enforcement of data protection regulations already in

EPIC, EFF et al, Comments on RFID passports (pdf):


EPIC Comments on RFID to the Article 29 Working Group (pdf):


EPIC and Yale Law School, Comments on DRM to the Article 29 Working
Group (pdf):


EPIC's RFID page:


EPIC's VeriChip page:


EPIC's DRM page:


[4] Spotlight: Homeland Security's Access Card Less Than Secure

President Bush's proposed $2.57 trillion federal budget for Fiscal Year
2006 greatly increases the amount of money spent on surveillance
technology and programs while cutting about 150 programsómost of them
from the Department of Education. EPIC's "Spotlight  on Surveillance"
project scrutinizes these surveillance programs.

This month, EPIC evaluates the Department of Homeland Security's new
employee access card and finds significant security risks. The wireless
technologies linked to the Department of Homeland Security Access Card
(DAC) leave employees' personal information vulnerable to access by
criminals. Also, the Department further exposes the card by its broad
expansion of the card's function to turn it into a payment device, one
that would be used several times a day in unsecured locations such as
Metro train stations.

Beginning in May and through the end of the year, Homeland Security will
issue the DAC to 40,000 of its 180,000 employees and contractors. The
DAC is about the size of a credit card and will carry a digital copy of
the cardholder's fingerprint as well as other information.  The
Department requests $6 million for  the DAC program  in FY 2006, and
each card costs about $8.50

Homeland Security has assumed that there will be some problems with the
biometric identifier system on the DAC. The Department has a backup
system built into the cardóif the fingerprint identification fails, then
the employee can gain access by using a 6- to 8- digit PIN. By allowing
alternate access through the PIN, Homeland Security creates all of the
vulnerabilities associated with allowing complete access to secure areas
and information through one password. This is a significant security
risk, as a criminal could bypass the biometric identification system by
simply learning the PIN. Even without the PIN bypass there are risks to
equipping the card with the power to access not only the Department of
Homeland Security's resources, but also those of local, state and other
federal government entities.

Department of Homeland Security's DAC site:


EPIC's Spotlight on Surveillance page:


EPIC's Biometrics page:


[5] Education Agency's Student Tracking Proposal Opposed

The National Center for Educational Statistics (NCES), part of the
Department of Education, has published a feasibility study on the
renewal of the postsecondary education statistic that would lead to the
creation of a "database of millions of students records." The report
examined the feasibility of implementing a student unit record system.
The study proposed replacing the existing Integrated Postsecondary
Education Data System (IPEDS), which is based on institution-level
aggregate data, with a system that requires individualized raw data
about every student at American collegiate institutions.

Today, student unit record data is only collected on by the federal
government if a student receives federal student loans. Under the NCES
proposal all public and private universities and colleges would be
required to submit their student data for the NCES database. Each
student's unit record contains 40 personal items, notably the student's
Social Security Number or Individual Taxpayer Identification Number,
date of birth, gender, race and permanent address. The feasibility study
proposed that "[i]ndividual identifiable data  would remain within the
permanent storage system" and have "new records added every year."

Department of Education officials have repeatedly complained about the
statistics' inability to depict modern trends in higher education.
Present postsecondary education statistics are not sensitive to
non-traditional students because IPEDS is only designed to collect data
on full-time students. The rationale for requiring students with no
relationship with the Department of Education to provide the NCES with a
complete track record of their higher education pursuits is
questionable. EPIC and other privacy groups stated that statistical
purposes alone are not strong enough reasons to infringe upon students'
rights to educational privacy.

Under the USA PATRIOT Act, the US Attorney General and the Department of
Justice would have access to this comprehensive federal student
database. There is also the strong possibility that such a database
would suffer from mission creep--the information gathered would be used
for non-statistical purposes.

The United States Student Association opposes the creation of database.
According to the USSA, "There are few protections offered for students
under this proposal. They donít have the opportunity to opt out, even
students who donít receive federal student aid." The National
Association of Independent Colleges & Universities also objects to its
creation. The NAICU said, "We do not believe that the price for
enrolling in college should be permanent entry into a federal registry,
and we fear that the existence of such a massive registry will prove
irresistible to future demands for access to the data for
non-educational purposes."

Katherine Haley Will, the President of Gettysburg College, warned
recently that "The potential for abuse of power and violation of civil
liberties is immense. The database would begin with 15 million-plus
records of students in the first year and grow. These student records
would be held by the federal government for at least the life of the

Congress will likely consider the recommendations of the NCES
feasibility study during debates about the reauthorization of the Higher
Education Act. However, lawmakers showed great reluctance to implement a
vast student record database during passage of the No Child Left Behind
Act. In that Act, Congress explicitly prohibited the development of a
nationwide database of personally identifiable information on children
from kindergarten through high school.

NCES's Feasibility of a Student Unit Record System Within the Integrated
Postsecondary Education Data System: http://nces.ed.gov/pubsearch/pubsinfo.asp?pubid=2005160 NAICU Issue Summary: Student Unit Record Data: http://www.naicu.edu/HEA/UnitRecord-NAICUIssueSummary.shtml "Alma Mater As Big Brother," The Washington Post, March 29, 2005 http://www.washingtonpost.com/wp-dyn/articles/A8331-2005Mar28.html EPIC's Student Privacy page: http://www.epic.org/privacy/student/ ======================================================================== [6] News in Brief ======================================================================== Reports Scrutinize Secure Flight, Agency's Passenger Data Practices The Government Accountability Office recently released a report on the
Secure Flight passenger prescreening proposal, concluding that the
Transportation Security Administration still has many issues to address
before the feasibility of the program can be known, though the agency
plans to launch the program in August. The report, commissioned by
Congress, stated that the office could not evaluate a number of aspects
of Secure Flight including the effectiveness of the system, the accuracy
of intelligence data that will determine whether passengers may fly,
safeguards to protect passenger privacy, and the adequacy of redress for
passengers who are improperly flagged by the program. In related news, the Department of Homeland Security Inspector General
issued findings on the TSA's role in collecting and disseminating
airline passenger data to third party agencies and companies. The report
revealed that the agency has been involved in 14 transfers of data
involving more than 12 million passenger records. The Inspector General
found, among other things, that "TSA did not consistently apply privacy
protections in the course of its involvement in airline passenger data
transfers." Furthermore, TSA did not accurately represent to the public
the scope of its passenger data collection and use. Government Accountability Office, Aviation Security: Secure Flight
Development and Testing Under Way, but Risks Should Be Managed as System
is Further Developed (pdf): http://www.gao.gov/new.items/d05356.pdf Department of Homeland Security Inspector General, Review of the
Transportation Security Administration's Role in the Use and
Dissemination of Airline Passenger Data: http://www.epic.org/redirect/igdhsreport.html EPIC's Secure Flight page: http://www.epic.org/privacy/airtravel/secureflight.html EU Asks US to Delay Deadline for Biometric Passports Requirement The European Union has asked the US to delay the deadline for the
requirement that visitors entering the country without visas hold a
passport with a biometric identifier. European Justice Commissioner
Franco Frattini has written to Congress asking for the October 2005
deadline to be pushed back to August 2006. Frattini says that it is
taking longer than expected to address interoperability and security
issues with the biometric readers, and that only six EU countries are in
a position to meet the October deadline. If the US agrees to the demand,
it will be the second extension to the biometric passport deadline. EPIC's Biometrics page: http://www.epic.org/privacy/biometrics/
EPIC Supports WHOIS Privacy Campaign EPIC has joined with Go Daddy and others to urge a federal agency to
restore the right of Internet users to maintain private Web site
registrations. In February, the National Telecommunication and
Information Administration disallowed private registrations for .US
domain names, without a hearing, rulemaking, or public debate. The
action undercuts online privacy, puts individuals at risk, and
threatens Constitutional values. Sign the petition at: http://www.thedangerofnoprivacy.com/ EPIC's WHOIS page: http://www.epic.org/privacy/whois/ ======================================================================== [7] EPIC Bookstore: Michael Caloyannides's Privacy & Computer Forensics ======================================================================== Michael A. Caloyannides, Privacy Protection and Computer Forensics (Artech House Publishers 2004) http://www.powells.com/cgi-bin/biblio?inkey=61-1580538304-1 "Going far beyond typical computer forensics books, this thoroughly revised edition of an Artech House bestseller is the only book on the market that focuses on how to protect one's privacy from data theft, hostile computer forensics, and legal action. It addresses the concerns of today's IT professionals, as well as many users of personal computers, offering more detailed "how to" guidance on protecting the confidentiality of data stored on computers. Moreover, the second edition has been updated to include specific information on the vulnerabilities of ancillary computing devices, such as PDAs, cellular telephones and smart cards. This cutting-edge book identifies the specific areas where sensitive and potentially incriminating data is hiding in computers and consumer electronics, and explains how to go about removing this data. The book provides a systematic process for installing operating systems and application software that will help to minimize the possibility of security compromises, and numerous specific steps that need to be taken to prevent the hostile exploitation of one's computer." ================================ EPIC Publications: "Privacy & Human Rights 2004: An International Survey of Privacy Laws and Developments" (EPIC 2004). Price: $35. http://www.epic.org/bookstore/phr2004 This survey, by EPIC and Privacy International, reviews the state of privacy in more than sixty countries around the world. The survey examines a wide range of privacy issues including data protection, passenger profiling, genetic databases, video surveillance, ID systems and freedom of information laws. ================================ "FOIA 2004: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price: $40. http://www.epic.org/bookstore/foia2004 This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 22nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, as well as recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2003: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2003). Price: $40. http://www.epic.org/bookstore/pls2003 The "Physicians Desk Reference of the privacy world." An invaluable resource for students, attorneys, researchers and journalists who need an up-to-date collection of U.S. and International privacy law, as well as a comprehensive listing of privacy resources. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ "The Consumer Law Sourcebook 2000: Electronic Commerce and the Global Economy," Sarah Andrews, editor (EPIC 2000). Price: $40. http://www.epic.org/cls The Consumer Law Sourcebook provides a basic set of materials for consumers, policy makers, practitioners and researchers who are interested in the emerging field of electronic commerce. The focus is on framework legislation that articulates basic rights for consumers and the basic responsibilities for businesses in the online economy. ================================ "Cryptography and Liberty 2000: An International Survey of Encryption Policy," Wayne Madsen and David Banisar, authors (EPIC 2000). Price: $20. http://www.epic.org/bookstore/crypto00& EPIC's third survey of encryption policies around the world. The results indicate that the efforts to reduce export controls on strong encryption products have largely succeeded, although several governments are gaining new powers to combat the perceived threats of encryption to law enforcement. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries
of interesting documents obtained from government agencies under the
Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https://mailman.epic.org/cgi-bin/control/foia_notes ====================================================================== [8] Upcoming Conferences and Events ====================================================================== A Brookings Briefing: Offshoring and Privacy: Consumer Data in the Global Economy. April 08, 2005. Washington, DC. For more information: http://www.brookings.edu/comm/events/20050408.htm Private Conduct/Private Places: New Media, Surveillance, Sexuality.
April 8-9, 2005. UC Berkeley. For more information:
http://cnm.berkeley.edu/events_news/index.php RFID Journal LIVE! 2005. April 10-12. Chicago, IL. For more
information: http://www.rfidjournallive.com. Future of Music Coalition DC Policy Day. April 12, 2005 Washington, DC. For more information: http://www.futureofmusic.org/events/dcpolicyday05/ CFP2005: Fifteenth Annual Conference on Computers, Freedom and Privacy. April 12-15, 2005. Seattle, WA. For more information: http://www.cfp2005.org. OECD Workshop on Consumer Dispute Resolution and Redress in the Global Marketplace. April 19-20, 2005. Washington, DC. For more information: http://www.oecd.org/document/33/0,2340,en_2649_34267_34409185_1_1_1_1,00 .html 2005 IEEE Symposium on Security and Privacy. IEEE Computer Society Technical Committee on Security and Privacy in cooperation with The International Association for Cryptologic Research. May 8-11, 2005. Berkeley, CA. For more information: http://www.ieee-security.org/TC/SP2005/oakland05-cfp.html. Sixth Annual Institute on Privacy Law: Data Protection - The Convergence
of Privacy & Security. May 23-24, 2005. Atlanta, Ga. For more
http://www.pli.edu/product/program_detail.asp?ptid=511&stid=3&id= EN00000000019985 SEC2005: Security and Privacy in the Age of Ubiquitous Computing. Technical Committee on Security & Protection in Information Processing Systems with the support of Information Processing Society of Japan. May 30-June 1, 2005. Chiba, Japan. For more information: http://www.sec2005.org. Sixth Annual Institute on Privacy Law: Data Protection - The Convergence of Privacy & Security. June 6-7, 2005. San Francisco, CA. For more information: http://www.pli.edu/ Sixth Annual Institute on Privacy Law: Data Protection - The Convergence of Privacy & Security. June 20-21, 2005. New York, NY. For more information: http://www.pli.edu/ Internet Corporation For Assigned Names and Numbers (ICANN) Meeting. July 11-15, 2005. Luxembourg City, Luxenbourg. For more information: http://www.icann.org. 3rd International Human.Society@Internet Conference. July 27-29, 2005. Tokyo, Japan. For more information: http://hsi.itrc.net. PEP05: UM05 Workshop on Privacy-Enhanced Personalization. July 2005.
Edinburgh, Scotland. For more information:
http://www.ics.uci.edu/~kobsa/PEP05. 5th Annual Future of Music Policy Summit. Future of Music Coalition.
September 11-13, 2005. Washington DC. For more information:
http://www.futureofmusic.org/events/summit05/index.cfm. The World Summit on the Information Society. Government of Tunisia. November 16-18, 2005. Tunis, Tunisia. For more information: http://www.itu.int/wsis. Internet Corporation For Assigned Names and Numbers (ICANN) Meeting. November 30-December 4, 2005. Vancouver, Canada. For more information: http://www.icann.org. ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ====================================================================== Privacy Policy ====================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ====================================================================== About EPIC ====================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ---------------------- END EPIC Alert 12.07 ---------------------- .