EPIC logo

  
========================================================================
                           E P I C  A l e r t
========================================================================
Volume 13.24                                            December 1, 2006
------------------------------------------------------------------------

                            Published by the
               Electronic Privacy Information Center (EPIC)
                            Washington, D.C.

             http://www.epic.org/alert/EPIC_Alert_13.24.html


========================================================================
Table of Contents
========================================================================
[1] Proposed Government Database Targets U.S. Citizens
[2] Federal Court: Police Lacked Probable Cause for DNA Warrant
[3] Homeland Security Releases Overdue Privacy Report
[4] ICANN launches Public Comments on WHOIS Task Force Report
[5] Police Shoot UCLA Student with Taser For Failure to Show ID
[6] News in Brief
[7] EPIC Bookstore: George Yee's "Privacy Protection for E-Services"
[8] Upcoming Conferences and Events

========================================================================
[1] Proposed Government Database Targets US.. Citizens
========================================================================

In comments to be filed with the Department of Homeland Security on
Monday, a coalition of organizations and experts in technology and
privacy will urge the federal agency to curtail the "Automated Targeting
System," a federal database that creates secret terrorist ratings  on
tens of millions of American citizens. The problems of the Automated
Targeting System are described in the current EPIC Spotlight on
Surveillance "Customs and Border Protection’s Automated System Targets
U.S. Citizens." Public comments on the proposal will be accepted until
December 4.

The system was originally established to assess cargo that may pose a
threat to the United States. Now the Department of Homeland Security
proposes to use the system to establish a secret terrorism risk profile
for millions of people, most of whom will be U.S. citizens.
Simultaneously, it is seeking to remove Privacy Act safeguards for the
database.

The new description of the database differs significantly from an
earlier one. As recently as March, ATS was described as "a computerized
model that [Customs and Border Protection] officers use as a decision
support tool to help them target oceangoing cargo containers for
inspection." It is unknown when ATS expanded from merely screening
shipping cargo to scrutinizing land and sea travelers. On the same day
as the Homeland Security notice about the proposal to use ATS to target
individuals, the Senate Homeland Security and Governmental Affairs
Committee asked the department for a briefing about ATS.

According to the Department of Homeland Security, ATS assigns a "risk
assessment," which is essentially a terrorist risk rating, to all people
"seeking to enter or exit the United States," "engag[ing] in any form of
trade or other commercial transaction related to the importation or
exportation of merchandise," "employed in any capacity related to the
transit of merchandise intended to cross the United States border," and
"serv[ing] as operators, crew, or passengers on any vessel, vehicle,
aircraft, or train who enters or exits the United States. " In Fiscal
Year 2005, Customs and Border Protection says it "processed 431 million
pedestrians and passengers, 121 million privately owned vehicles, and
processed and cleared 25.3 million sea, rail, and truck containers."

The Automated Targeting System's terrorist risk profiles will be secret,
unreviewable, and maintained by the government for 40 years. The
profiles will determine whether individuals will be subject to invasive
searches of their persons or belongings, and whether U.S. citizens will
be permitted to enter or exit the country. Individuals will not have
judicially enforceable rights to access information about them contained
in the system, nor to request correction of information that is
inaccurate, irrelevant, untimely or incomplete.

The Automated Targeting System was created to screen shipping cargo, but
it has many problems even completing that mission. An August 2006 report
from the House Committee on Homeland Security gave both port and border
security low marks. For port security, the department's grade is a
C-/D+. "There are many gaps remaining in our port security. As some
experts have noted, the current port security regime is a 'house of
cards,' in which containers are often not inspected and the government
does not truly know which containers are 'high risk.'"

EPIC has highlighted the problems inherent in passenger profiling
systems in previous testimony and comments. In testimony before the
National Commission on Terrorist Attacks Upon the United States (more
commonly known as "the 9/11 Commission"), EPIC President Marc Rotenberg
explained, "there are specific problems with information technologies
for monitoring, tracking, and profiling. The techniques are imprecise,
they are subject to abuse, and they are invariably applied to purposes
other than those originally intended."

The public has until the close of business on Monday to submit comments
about the Automated Targeting System.

Department of Homeland Security, Notice of Privacy Act system of
records, 71 Fed. Reg. 64543 (Nov. 2, 2006):

     http://edocket.access.gpo.gov/2006/06-9026.htm

EPIC's October 2006 Spotlight: "Customs & Border Protection's
Automated System Targets U.S. Citizens":

     http://www.epic.org/privacy/surveillance/spotlight/1006/

Government Accountability Office Testimony about problems with ATS (Mar.
30, 2006) (PDF):

     http://www.gao.gov/new.items/d06591t.pdf

EPIC's page on Total Information Awareness:

     http://www.epic.org/privacy/profiling/tia/

========================================================================
[2] Federal Court: Police Lacked Probable Cause for DNA Warrant
========================================================================

In a challenge to a dragnet search in which the DNA samples of more than
600 individuals were collected by the Baton Rouge police department, the
Fifth Circuit Court of Appeals has reversed a lower court and held that
the DNA search warrant lacked probable cause. EPIC submitted a "friend
of the court" brief arguing that DNA dragnets are unconstitutional and
ineffective.

In 2002, police investigating a series of rapes and murders near Baton
Rouge, Louisiana, conducted a DNA dragnet. Shannon Kohler was one of the
men approached by police. When he refused to provide one, he was served
with a seizure warrant, forcing him to provide a sample. Kohler was
later identified by police and news media as a suspect in the search for
the serial killer.

After Mr. Kohler was cleared of wrongdoing in the investigation, he
filed a suit against the Baton Rouge police, claiming that they lacked
probable cause to obtain the warrant and that his DNA sample should be
destroyed. In February 2005, a federal district court ruled against him,
saying that police had probable cause based on two anonymous tips and
the fact that Mr. Kohler met "certain elements of an FBI profile," which
the court itself characterized as "so broad and vague that it cast a net
of suspicion over thousands of citizens." The Fifth Circuit Court of
Appeals reversed this decision and rejected the government's claim that
it should consider a vague FBI profile to support the warrant
application.

About the factors that provided the basis for the warrant, the Fifth
Circuit said, "These two traits are so generalized in nature that
hundreds, if not thousands, of men in the Baton Rouge area could have
possessed them, and they are, therefore, insufficient to warrant the 
belief that Kohler was the serial killer. . . . Moreover, the cases in
which profile factors have been used to support a finding of probable cause
have involved a greater correlation between the profile and the suspect
and far more specific evidence linking the suspect to the crime being
investigated. Accordingly, we conclude that the district court erred in
finding that the seizure warrant was supported by probable cause."

EPIC's amicus brief points out that DNA dragnets have been extremely
ineffective in catching criminals, while the widespread collection of
DNA samples erodes the privacy rights of thousands. The brief urges that
clear guidelines be established before the police engage in this
investigative practice.

Opinion of the Fifth Circuit Court of Appeals (PDF):

     http://www.ca5.uscourts.gov/opinions/pub/05/05-30541-CV0.wpd.pdf

EPIC's page on Kohler v. Englade:

     http://www.epic.org/privacy/kohler/default.html

EPIC's amicus brief in Kohler v. Englade (PDF):

     http://www.epic.org/privacy/kohler/amicus.pdf

EPIC's Page on Genetic Privacy:

     http://www.epic.org/privacy/genetic/

========================================================================
[3] Homeland Security Releases Overdue Privacy Report
========================================================================

The Department of Homeland Security Privacy Office has released its
report on the Privacy Office's activities over the past two years. The
law creating the Department of Homeland Security requires the Privacy
Office to issue a report every year, but the report was delayed without
explanation for a year and a half.

The Homeland Security Act of 2002, § 222, gave the Secretary of Homeland
Security the responsibility to "appoint a senior official in the
Department to assume primary responsibility for privacy policy." The
responsibilities of the Chief Privacy Officer include: (1) assuring that
the use of technologies sustain, and do not erode, privacy protections
relating to the use, collection, and disclosure of personal information;
(2) assuring that personal information contained in Privacy Act systems
of records is handled in full compliance with fair information practices
as set out in the Privacy Act of 1974; (3) evaluating legislative and
regulatory proposals involving collection, use, and disclosure of
personal information by the Federal Government; (4) conducting a privacy
impact assessment of proposed rules of the Department or that of the
Department on the privacy of personal information, including the type of
personal information collected and the number of people affected; and
(5) preparing a report to Congress on an annual basis on activities of
the Department that affect privacy, including complaints of privacy
violations, implementation of the Privacy Act of 1974, internal
controls, and other matters.

The report discusses general efforts the Privacy Office has made since
July 2004 to "embed" privacy considerations into the evaluation
processes in the Department of Homeland Security, but there is no
information on whether these efforts have succeeded in reducing threats
to Americans' privacy. The report is lighter on specifics than the
previous report, covering through June of 2004. The new report discusses
the Privacy Office's work with airport and immigration screening, but it
ignores recent programs like video surveillance of public spaces.

The report identifies several privacy problems in DHS programs. In 2005
Congress ordered the Government Accountability Office to investigate the
Transportation Security Administration's airline passenger screening
programs. The GAO found significant problems with handling of personal
information and violations of privacy laws. The GAO turned its findings
over to the Privacy Office, which then did its own investigation. The
Privacy Office claims to have continued its work with the TSA to resolve
these issues. However, the report did not resolve EPIC's concerns about
TSA redress procedures -- namely that citizens do not have the right to
litigate to ensure their records are correct or even to view their
records.

The Department of Homeland Security has received wide criticism for its
identification card programs, many of which use radio frequency
identification technology. The Privacy Office's report did not mention a
draft report by the Department of Homeland Security Data Privacy and
Integrity Advisory Committee also recommending against the use of RFID
in identification documents. "RFID appears to offer little benefit when
compared to the consequences it brings for privacy and data integrity,"
the committee said.

Earlier this year, EPIC wrote to the Department of Homeland Security to
urge the release of the report. Then President Bush issued a statement
in which he said the "executive branch shall construe section 522 of the
Act, relating to privacy officer reports, in a manner consistent with
the President's constitutional authority to supervise the unitary
executive branch." The White House influence on federal privacy policy
can be found in Section V of the agency's report.

Congress will be able to use the new report to evaluate the Privacy
Office's performance.

DHS Chief Privacy Officer Report Covering July 2004 to July 2006 (PDF):

     http://www.epic.org/privacy/pdf/dhs_pvcyrpt06.pdf

EPIC's Letter to Chief Privacy Officer Teufel (PDF):

     http://www.epic.org/privacy/pdf/Letter_0926.pdf

Department of Homeland Security Data Privacy and Integrity Advisory
Committee: The Use of RFID for Human Identification (PDF):

     http://www.epic.org/redirect/dpiac1106.html

Homeland Security Act of 2002 (PDF):

     http://www.dhs.gov/interweb/assetlibrary/privacy_hsa2002_222.pdf

Presidential Signing Statement, H.R. 5441:

     http://www.whitehouse.gov/news/releases/2006/10/20061004-10.html

EPIC's page on Privacy Report Held Hostage:

     http://www.epic.org/privacy/oversight/

========================================================================
[4] ICANN launches Public Comments on WHOIS Task Force Report
========================================================================

ICANN, the corporation that manages the assignment of domain names to
Internet Protocol addresses, has invited public comments on its
Preliminary Task Force Report on WHOIS services. The report sets out the
key findings on policy issues in the generic top level domain (gTLD)
space that have emerged since the WHOIS Task Force was convened last
year.

Current WHOIS policy requires that domain name registrants' contact
information, such as name, mailing address, e-mail address, telephone
number, and fax number be publicly available. This same information has
to be provided for the site's administrative and technical contacts. The
Non-Commercial Users Constituency of the Generic Names Supporting
Organization stated that this policy violates the privacy rights of
registrants and may violate international laws and the privacy rights in
the UN's Universal Declaration of Human Rights. In its preliminary
report, the WHOIS Task Force agrees that new mechanisms to restrict some
contact data from publication should be adopted to address privacy
concerns.

In April 2006, the Generic Names Supporting Organization Council, to
whom the task force reports, adopted a working definition of the purpose
of WHOIS that restricts use of WHOIS data to its original purpose: the
resolution of issues related to the configuration of the records
associated with the domain name. The task force is now considering the
purpose of the various WHOIS contacts and the public availability of
WHOIS data within the context of this definition.

The report highlights two different approaches to limitations on the
availability of WHOIS data. The first proposal, supported by the
Registrar, Registry, and Non-Commercial Users Constituencies, removes
administrative and technical contacts from WHOIS and requires that
registrants use an "operational point of contact," an intermediary who
would contact the registrant in the case of an issue with the domain
name. WHOIS would also continue to publish the registrant's name and
country. The second proposal, supported by the Intellectual Property and
Business Constituencies, retains the current data fields required under
WHOIS, but allows individuals who can demonstrate reasonable concern
that public access to their contact data would jeopardize their personal
safety or security to substitute contact details of the registrar for
their data.

EPIC, privacy agencies, and a coalition of organizations earlier
recommended that ICANN adopt the first approach, also described as
"Formulation One," to help safeguard the privacy interests of Internet
users.

The report also outlines five proposals which address alternative access
to WHOIS data, other than public availability, which range in scope from
discretionary access decisions made by the Registrar and based on best
practices, to contractual limitations on the use of requested data.

The public comment period runs until January 15, 2007. The task force
will consider the public comments received and prepare a final report
for submission to the Generic Names Supporting Organization Council.

ICANN Launches Public Comments on WHOIS Task Force Report:

     http://www.icann.org/announcements/announcement-24nov06.htm

ICANN Preliminary Task Force Report on WHOIS Services:

    http://gnso.icann.org/issues/whois-privacy/prelim-tf-rpt-22nov06.htm

EPIC's WHOIS page:

     http://www.epic.org/privacy/whois/

EPIC Comments to ICANN In Support of Formulation One:

     http://forum.icann.org/lists/whois-comments/msg00042.html

========================================================================
[5] Police Shoot UCLA Student with Taser For Failure to Show ID 
========================================================================

A 23 year-old senior at UCLA, Mostafa Tabatabainejad, a U.S. citizen by
birth, was shocked with a Taser five times by UCLA police after failing
to show his ID card in the library. Tabatabainejad is of Iranian
descent.

The incident, which was caught by a student on his cell phone camera,
occurred around 11 p.m. on November 21, 2006, in UCLA's Powell library.
Reports of the event vary: some students have said that when campus
police arrived, Tabatabainejad was already leaving. University
authorities, however, say that he refused repeated requests by community
service officers and regular campus police to show ID or leave. ID cards
are required in the library after 11 p.m.

The officers used the device in stun mode, which delivers volts of
low-amperage energy to the body, causing a disruption of the body's
electrical energy pulses and locking the muscles, as opposed to dart
mode, which disables the person entirely. According to an Amnesty
International report, the police use of Tasers has resulted in several
deaths.

Accounts of why he was repeatedly shocked are contradictory as well.
UCLA Assistant Police Chief Jeff Young described Tabatabainejad as a
passive resister who, at 200 pounds, was too heavy to move. Students
however noted that he was tased while being handcuffed, and he
repeatedly said "I'm not fighting you" and "I said I would leave." When
another student asked one of the officers for his badge number, the
officer threatened to shock him as well, which is illegal.

The university, under pressure from concerned parents and alumni, as
well as students, ordered an independent investigation. The announcement
came shortly after more than 300 students marched to the UCLA police
station. The review will be conducted by Merrick Bobb, a veteran law
enforcement watchdog, who has investigated allegations of police
misconduct, including the Rodney King beating.

While the Los Angeles Police Department and the Los Angeles Country
Sheriff's Department allow officers to use Tasers only if a suspect
poses a physical threat or is combative, according to Young, the UCLA
police are allowed to use Tasers on passive resisters as a "pain
compliance technique." They are the only University of California
officers allowed to use Tasers in that manner.

Ex-Marine Terrence Durren, the officer who tasered Tabatabainejad has
been the subject of use-of-force complaints, which he has denied, and
previously recommended for dismissal. He was fired from the Long Beach
Police Department in 1990. He remains on active duty while the
investigation is being conducted.

Video: "Student Tasered by police for not showing ID":

     http://www.youtube.com/watch?v=AyvrqcxNIFs

Amnesty International Report: "Excessive and lethal force? Amnesty
International's concerns about deaths and ill-treatment involving police
use of tasers":

     http://web.amnesty.org/library/index/ENGAMR511392004

EPIC's page on National ID Cards and REAL ID Act:

     http://www.epic.org/privacy/id_cards/

========================================================================
[6] News in Brief
========================================================================

EPIC FOIA Note: E-Passports Less Reliable Than Traditional Passports

A document obtained by EPIC from the State Department reveals that 2004
government tests found passports with radio frequency identification
(RFID) chips that are read 27% to 43% less successfully than the
previous Machine Readable Zone technology (two lines of text printed at
the bottom of the first page of a passport). The State Department has
begun issuing "e-passports," with personal data embedded on RFID chips,
saying they would be more secure and faster to process. Previous
documents obtained by EPIC under the FOIA showed that the same tests
found the chip readers "require too much attention and time on the part
of the inspector." Recent reports by the Department of Homeland Security
Data Privacy and Integrity Advisory Committee and European experts also
recommend against the use of RFID tags in identity documents.

EPIC FOIA Notes #14:

     http://www.epic.org/foia_notes/note14.html

Department of Homeland Security Data Privacy and Integrity Advisory
Committee: The Use of RFID for Human Identification (PDF):

     http://www.epic.org/redirect/dpiac1106.html


EPIC Debuts Page on REAL ID's Impact on Domestic Violence Survivors

EPIC has prepared a page about the potential of REAL ID to severely harm
the privacy interests of domestic violence survivors. The federal Real
ID Act creates national standards for issuing state drivers licenses and
identification cards. Survivors could have their confidentiality under
REAL ID, which facilitates data collection by the private sector and
will make it easier for abusers to get information on their victims.
Exceptions from REAL ID requirements for domestic violence survivors
will not adequately protect them. Some of REAL ID's harms to privacy may
come before someone is subject to domestic violence, and thus before
someone would be eligible for any exemptions. The page is a part of
EPIC's recently launched Privacy and Domestic Violence Project.

EPIC's page on the REAL ID Act and Domestic Violence:

     http://www.epic.org/privacy/dv/real_id.html

EPIC's Domestic Violence and Privacy Project:

     http://www.epic.org/privacy/dv/


Copyright Office Announces New Rules on Technological Circumvention

On November 27, 2006, the Librarian of Congress, on the recommendation
of the Register of Copyrights, announced six classes of works subject to
the exemption from the prohibition against circumvention of
technological measures that control access to copyrighted works. Persons
making noninfringing uses of these classes of works will not be subject
to the prohibition against circumventing access controls, established by
the Digital Millennium Copyright Act, during the next three years. In
1998, EPIC testified in opposition to the DMCA, stating that the bill
would diminish online privacy and warned that "the anti-circumvention
language in section 1201 is extraordinarily broad and will have all
sorts of unintended consequences." EPIC said that the "crime of
circumvention should be specifically linked to the actual infringing act
and not simply the use of a particular technique that may or may not be
harmful." EPIC also recommended the development of techniques to protect
copyrighted works that did not track the activities of Internet users.
Some of these concerns were addressed in subsequent decisions of the
Copyright Office, but others were not.

U.S. Copyright Office: Anticircumvention Rulemaking:

     http://www.copyright.gov/1201/

EPIC Testimony before the House Committee on International Relations
on Copyright and Privacy (1998):

     http://www.epic.org/privacy/copyright/epic-wipo-testimony-698.html

EPIC's page on Digital Rights Management and Privacy:

     http://www.epic.org/privacy/drm/


NSA Not Required to Release Details on Wiretapping Program

A federal judge in Washington, D.C. ruled last week that the National
Security Agency is not required to release details about its secret
wiretapping program. After the NSA denied a Freedom of Information Act
request on national security grounds, People for the American Way filed
suit seeking information on the program's review process as well as how
many wiretaps were performed. This is the latest in spate of divided
judicial opinions issued on the surveillance program in the last six
months. This week, after months of pressure from Congressional
Democrats, the Justice Department's inspector general said his office
had begun a review of the department's role in President Bush's domestic
eavesdropping program and the legal requirements governing the program.
EPIC has previously called attention to the illegality of the NSA
program and urges a congressional investigation.

EPIC's Resources on Domestic Surveillance:

     http://epic.org/features/surveillance.html

Marc Rotenberg, EPIC Executive Director, "Congress is legislating in the
dark: Lawmakers need more information before OKing Bush surveillance
program":

     http://www.msnbc.msn.com/id/15199819/


European Union: SWIFT's U.S. Data Transfer Violated Data Protection Laws

The European Union's Article 29 Data Protection Working Party concluded
last Thursday that the Society for Worldwide Interbank Financial
Telecommunications (SWIFT) violated data protection laws by transferring
records of millions of private financial transactions to American
intelligence agencies. SWIFT, a Brussels-based banking consortium which
routes information among 7,800 financial institutions in more than 200
countries, complied with U.S. Treasury Department subpoenas for five
years in what the Working Party called a "hidden, systematic, massive
and long-term transfer of personal data." According to the unanimously
adopted draft statement, SWIFT failed to provide an appropriate level of
protection to meet the requirements for international transfers of
personal data; further, the transfer agreement demonstrated a lack of
transparency and adequate and effective control mechanisms, and violated
the principles of proportionality and necessity contained in EU Data
Protection Directive 95/46/EC.

Article 29 Working Party Press Release on the SWIFT Case (PDF):

     http://www.epic.org/redirect/a29wp06.html

EPIC's June 2006 Spotlight on SWIFT, "Treasury's International Finance
Tracking Program of Questionable Legality":

     http://www.epic.org/privacy/surveillance/spotlight/0606/

========================================================================
[7] EPIC Bookstore: George Yee's "Privacy Protection for E-Services"
========================================================================

"Privacy Protection for E-Services" by George Yee (Idea Group 2006).

     http://www.powells.com/partner/24075/biblio/1591409152

"There is a deep need for privacy education and technology with which to
educate the e-services industry, and provide it the tools to build
privacy preserving e-services. Privacy Protection for E-Services
fulfills this need by reporting on the latest advances in privacy
protection issues and technologies for e-services, covering important
material, such as: consumer empowerment, assessing privacy risks,
security technologies needed for privacy protection, systems for privacy
policy enforcement, and even methods for assessing privacy technologies.
'Privacy Protection for E-Services' is a must-read for consumers,
educators, researchers, designers, and developers who are interested in
the protection of consumer privacy for Internet services."

================================

EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2005: An International Survey of Privacy Laws
and Developments" (EPIC 2006). Price: $60.
http://www.epic.org/bookstore/phr2005/phr2005.html

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
70 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2005 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40.
http://www.epic.org/bookstore/foia2004

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 22nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/features/epic/epic.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

Public Meeting with Privacy and Civil Liberties Experts. Privacy and
Civil Liberties Oversight Board. Georgetown University. December 5,
2006. Washington, DC. For more information:
http://www.privacyboard.gov/press/20061124.html

FACEBOOK, What It Is, How It Works, Why It Matters to You, Audio
Conference. International Association of Privacy Professionals. December
7, 2006. For more information:
https://www.privacyassociation.org/index.php?option=com_content&task=
view&id=8&Itemid=70

Assessing Current Privacy Issues. Riley Information Services, Inc.
February 21, 2007. Ottawa, Ontario, Canada. For more information:
http://www.rileyis.com/seminars/

5th Conference on Privacy and Public Access to Court Records. Center for
Legal and Court Technology and Administrative Office of the United
States Courts. March 22-23, 2007. Williamsburg, Virginia. For more
information:
http://www.courtaccess.org/

CFP2007: Computers, Freedom, and Privacy Conference. Association for
Computing Machinery. May 2007. Montreal, Canada. For more information:
http://www.cfp2007.org

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 13.24 -------------------------

.