======================================================================== E P I C A l e r t ======================================================================== Volume 14.05 March 9, 2007 ------------------------------------------------------------------------ Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_14.05.html ======================================================================== Table of Contents ======================================================================== [1] After Long Delay, Regulations Issued for Flawed National ID Plan [2] EPIC Testifies in Congress on Caller ID Spoofing [3] Homeland Security Abandons Visitor Tagging Plan Criticized by EPIC [4] FTC Report on Children's Online Privacy Protection Act [5] State Department Issues Annual Human Rights Report [6] News in Brief [7] EPIC Bookstore: "Who Controls the Internet?" [8] Upcoming Conferences and Events ======================================================================== [1] After Long Delay, Regulations Issued for Flawed National ID Plan ======================================================================== More than two years after Congress rushed through passage of the REAL ID Act, the Department of Homeland Security announced proposed regulations on March 1 that would turn the state driver's license into a national identity card. The estimated cost of the plan could be as high as $23.1 billion, according to the federal government, and the national ID system will increase security risks as well as the threats to personal privacy. The federal agency claims that no national ID database will be created under these regulations, because there will not be a single database maintained by a federal agency. However, under the proposed regulations, DHS will impose new requirements on state motor vehicle agencies so that all state databases will be linked together. A national database with personal information of 245 million license and state ID cardholders across the country is a tempting target for identity thieves and other criminals. Yet the regulations merely include the vague requirement that states prepare a "comprehensive security plan" for REAL ID implementation. DHS does not set minimum security or privacy standards to protect a national database with sensitive personal information. The creation of a national ID database under the REAL ID regulations comes at a time when security breaches and identity theft are on the rise. State DMVs already are the victims of outside attackers and insider license-for-bribe schemes. For the seventh year in a row, identity theft is the No. 1 concern of U.S. consumers, according to the Federal Trade Commission's annual report. Over 104 million data records of U.S. residents have been exposed due to security breaches since January 2005, according to a report from the Privacy Rights Clearinghouse. The regulations also do not set adequate privacy and security standards for the identification card. The agency is "lean[ing] toward" using a two-dimensional bar code with encryption, but it does not require encryption. Although Homeland Security lays out the privacy and security problems associated with creating an unencrypted machine-readable zone on the license, such as allowing third parties to easily download the personal information on the license, it does not require encryption because there are concerns about "operational complexity." Homeland Security is also considering allowing radio frequency identification (RFID) technology in the cards, which means the sensitive data would be transmitted wirelessly and be vulnerable to interception by third parties. However, Homeland Security just abandoned a plan to include RFID chips in border identification documents because the pilot test was a failure. There were multiple security and privacy problems with the pilot program. The REAL ID Act was appended to a bill providing tsunami relief and military appropriations, and passed with little debate and no hearings. It repealed provisions in the Intelligence Reform and Terrorism Prevention Act of 2004, which contained "carefully crafted language -- bipartisan language -- to establish standards for States issuing driver's licenses," Sen. Richard Durbin said at the time of REAL ID's passage. In response to the draft regulations, Sen. Patrick Leahy said, "It is ironic that we probably would have stronger drivers' licenses today if the original shared rulemaking procedures that Congress agreed to in 2004 had been allowed to move forward." Proposals to repeal Real ID have been adopted in the states and introduced in Congress. The draft regulations are open for comment until May 8, 2007. To take action and talk to Congress about this ill-conceived identification scheme, visit the Electronic Frontier Foundation's Take Action page: http://www.epic.org/redirect/EFF030907 Department of Homeland Security's Notice of Proposed Rulemaking on REAL ID: http://www.dhs.gov/xprevprot/laws/gc_1172765386179.shtm Senator Leahy's Press Release In Response to REAL ID Regulations: http://leahy.senate.gov/press/200703/030107b.html Privacy Rights Clearinghouse's Chronology of Data Breaches: http://www.privacyrights.org/ar/ChronDataBreaches.htm EPIC's Testimony at Feb. 15, 2007, Hearing of the Maryland Senate Judicial Proceedings Committee (pdf): http://www.epic.org/privacy/id_cards/ngo_test_021507.pdf EPIC's page on National ID Cards and the REAL ID Act: http://www.epic.org/privacy/id_cards/ EPIC's page on Secure Flight: http://www.epic.org/privacy/airtravel/secureflight.html EPIC's Spotlight on Surveillance on REAL ID: http://www.epic.org/privacy/surveillance/spotlight/0307 ======================================================================== [2] EPIC Testifies in Congress on Caller ID Spoofing ======================================================================== In testimony before the House Commerce Committee, EPIC staff counsel Allison Knight testified in support of H.R. 251, the Truth in Caller ID Act of 2007. EPIC said the bill rightly distinguishes between the appropriate and inappropriate uses of caller ID spoofing. EPIC testified on similar legislation in 2006. EPIC noted that while spoofing caller ID numbers can create a real risk to individuals who might be defrauded or harmed by illegitimate uses of this technology, there are also several legitimate uses of spoofing that allow callers to limit the disclosure of their phone numbers in order to protect their privacy and in some cases their safety. This includes domestic violence survivors who are trying to reach family members and do not want their location revealed. Survivors may also need to use caller ID spoofing when calling companies that may have permissive data-sharing policies and sell information to brokers. Caller ID spoofing can also protect right of call recipients to be free from pretexting and other fraud that can lead to the loss of their privacy, and the threats of stalking, identity theft, and harassment. EPIC pointed out that caller ID blocking isn't a complete solution for those trying to maintain privacy because automatic number identification systems and other technology can get around blocks, and some call recipients refuse to accept blocked calls. The bill as currently drafted addresses the privacy interests of both callers and call recipients by including an intent requirement in the ban on caller ID spoofing, so that spoofing is prohibited where it is clear that the person who does not provide accurate identifying information intends to defraud or cause harm. By including an intent requirement the revised Truth in Caller ID Act of 2007 distinguishes between appropriate and inappropriate Caller ID spoofing and also preserves legitimate law enforcement techniques. EPIC also called for the Federal Communications Commission to investigate the President's domestic surveillance program, and asked Members to support EPIC's recommendation that the Commission undertake an investigation of the possibly improper disclosure of telephone toll records by the telephone companies that are subject to the privacy obligations contained in the Communications Act. EPIC's Testimony before the House Committee on Energy and Commerce on the Truth in Caller ID Act of 2007 (pdf): http://www.epic.org/privacy/iei/hr251test.pdf The Truth in Caller ID Act of 2007: http://thomas.loc.gov/cgi-bin/bdquery/z?d110:h.r.00251: EPIC's page on Domestic Surveillance: http://www.epic.org/features/surveillance.html ======================================================================== [3] Homeland Security Abandons Visitor Tagging Plan Criticized by EPIC ======================================================================== Plans to use radio frequency identification (RFID) technology in the US-VISIT border security system have been abandoned after pilot testing failed, Department of Homeland Security Secretary Michael Chertoff admitted in Congressional testimony on February 9th. A government report released in January said testing of RFID tags embedded in I-94 documents was unsuccessful. Chertoff said about the program, "I think, yes, we're abandoning it. That's not going to be a solution." In 2005, the Department of Homeland Security began testing RFID-enabled I-94 forms in its United States Visitor and Immigrant Status Indicator Technology (US-VISIT) program to track the entry and exit of visitors. The RFID-enabled forms stored a unique identification number, which is linked to data files containing foreign visitor's biographic information, including name, date of birth, country of citizenship, passport number and country of issuance, complete U.S. destination address, and digital fingerscans. EPIC has warned that the proposal to embed RFID tags in travel documents places visitors to the United States at risk, citing the plan's lack of basic privacy and security safeguards. In October 2005 comments to the Department of Homeland Security, EPIC urged the Department to reject the proposal. EPIC asserted that the timesaving benefits of RFID tag use would be slight and significantly overshadowed by its privacy and security risks. EPIC explained, as an invisible technology, RFID allows a person's information to be accessed without his or her knowledge. Anytime a visitor is carrying his I-94 RFID-enabled form, unauthorized individuals could access his or her unique identification number, and thus the biographic information linked to that number. In a July 2006 report, the Department of Homeland Security's Inspector General echoed EPIC's concerns, stating that the US-VISIT border security program fails to protect data collected through the use of RFID tags. The report found "security vulnerabilities that could be exploited to gain unauthorized or undetected access to sensitive data" associated with people who carried the RFID-enabled forms. A report released by the Government Accountability Office in late January identified numerous performance and reliability issues in Department of Homeland Security's 15-month test. The report detailed the failure of RFID readers to detect a majority of visitors' identification numbers. US-VISIT officials had set a target read rate at 70 percent, but a weeklong test demonstrated that RFID readers correctly identified only 14 percent of identification numbers. Furthermore, the report said that even if such performance and reliability issues were addressed, questions remained about the program's future. The report said that RFID failed to "meet a key goal of US-VISIT -- ensuring that visitors who enter the country are the same ones who leave." Essentially, the I-94 form could not guarantee that the person to whom the form was issued would be the same individual exiting the country with the form. Government Accountability Office report (pdf): http://www.gao.gov/new.items/d07378t.pdf DHS Inspector General Report (redacted) (pdf): http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_06-53_Jul06.pdf EPIC's October 2005 comments to the Dept. of Homeland Security (pdf): http://www.epic.org/privacy/us-visit/100305_rfid.pdf EPIC Guidelines on Commercial Use of RFID Technology (2004) (pdf): http://www.epic.org/privacy/rfid/rfid_gdlnes-070904.pdf EPIC's page on RFID: http://www.epic.org/privacy/rfid/ EPIC's page on US-VISIT: http://www.epic.org/privacy/us-visit/ ======================================================================== [4] FTC Report on Children's Online Privacy Protection Act ======================================================================== The Federal Trade Commission reports that the Child Online Privacy Protection Act (COPPA) has been successful at protecting children's privacy online. The report concludes that no changes to the regulations are warranted at this time, and that continuing enforcement with increasing civil penalties against significant violations will adequately deter unlawful conduct. The report was issued in according with Congressional demands for a "rule review" after 5 years. Congress enacted COPPA in 1998, and the FTC issued rules which became effective in April of 2005. COPPA requires explicit parental consent of data collected on children under the age of 13; provides parents with the ability to see the data that was collected; and allows consent to be revoked and the data to be deleted. COPPA enforcement is via a mixture of FTC action and industry "safe harbor" self-regulation. The FTC has certified certain self-regulatory bodies, and it will not prosecute websites that comply with those bodies' standards. The report identified the emerging issues of social networking sites and convergence of technologies. Social networking sites are covered by COPPA, but raise the new issue that the personal information is not simply collected, but also presented to other viewers. Convergence of technologies means that children will not be accessing the web solely on personal computers, but also with wireless handhelds and other such devices. This may make parental supervision more difficult. EPIC filed comments for the report. In its comments, EPIC agreed that COPPA had been successful in protecting children's privacy online. EPIC also recommended more enforcement, in order to improve compliance and to clarify regulatory standards. EPIC also recommended that the FTC begin to look at cutting edge usability factors, in order to determine when websites are "directed at children." Lastly, EPIC recommended that the FTC take action to protect children's privacy offline. FTC Report - Implementing COPPA - A Report to Congress (pdf): http://www.ftc.gov/reports/coppa/07COPPA_Report_to_Congress.pdf EPIC Comments on COPPA: http://www.epic.org/privacy/kids/ftc_coppa_62705.html EPIC's COPPA Page: http://www.epic.org/privacy/kids/ ======================================================================== [5] State Department Issues Annual Human Rights Report ======================================================================== The US State Department has just released its annual human rights report. The report, spanning over 1800 pages and over 180 countries, describes the performance of governments in putting into practice their international commitments on human rights reflected in the United Nations Universal Declaration of Human Rights. Each country report includes a section on privacy. Privacy and freedom of expression issues are addressed in the report mainly in the context of Internet censorship and surveillance. For example, the report documents the arrest and detention of Internet bloggers in Egypt and web journalists in China. Many countries passed legislation requiring Internet cafes to record the identities of its users and retain the data for law enforcement purposes. The report also comments on limitations on Internet access. For example, in Turkmenistan, no new accounts have been allowed in the capital since September 2002; Vietnam forbids direct access to the Internet via Internet Service Providers; and Iran blocks access to various foreign news websites. Syria made use of its Emergency Law to censor citizens' access to the Internet. The report states that although Chinese legislation to protect privacy exists, this was often ignored in practice in order to conduct warrantless surveillance. Authorities monitored telephone conversations, facsimile transmissions, e-mail, text messaging, and Internet communications. Authorities also opened and censored domestic and international mail. Interestingly, the US saw two similar developments in the past year as concerning anti-terrorism investigation: the revelation of its domestic surveillance program, which conducted electronic surveillance on American citizens without judicial authority, and the President's signing statement which purported to allow warrantless search of mail. Although the introduction acknowledges that the report was released at a time when the United States' own record and actions taken have been questioned, the report does not include a section on US human rights performance. US State Department Human Rights Report http://www.state.gov/g/drl/rls/hrrpt/2006/78766.htm Privacy and Human Rights 2005 http://www.powells.com/biblio/1893044254?&PID=24075 ======================================================================== [6] News in Brief ======================================================================== Secure Flight Five Years Behind Schedule, Delayed Until 2010 Implementation of Secure Flight, a federal passenger screening program, will be delayed until 2010, at least five years behind schedule, according to the Transportation Security Administration. Secure Flight was designed to solve problems with people being mistakenly matched or mistakenly listed on government terrorism watch lists. The program was suspended a year ago after two government reports detailed security and privacy problems. One report found 144 security vulnerabilities. About $140 million has been spent on the program, and the TSA is seeking another $80 million for proposed changes. Government Accountability Office, Testimony on Secure Flight on Feb. 9, 2006 (pdf): http://www.gao.gov/new.items/d06374t.pdf EPIC's page on Secure Flight: http://www.epic.org/privacy/airtravel/secureflight.html Five New Congressional Research Service reports have become available Congressional Oversight of Intelligence: Current Structure and Alternatives, RL32525 (Feb. 15, 2007) (pdf). Among the alternatives this report examines are the proposals in the 9/11 Commission Report for creating a joint committee on intelligence or strengthening the individual committees with authorization and appropriations power. http://www.fas.org/sgp/crs/intel/RL32525.pdf Data Mining and Homeland Security: An Overview, RL 31798 (Jan. 18, 2007) (pdf). The overview includes the major DHS data mining initiatives and also notes limitations on the capability of data mining http://www.fas.org/sgp/crs/homesec/RL31798.pdf Data Security: Federal Legislative Approaches, RL33273 (Jan. 25, 2007) (pdf). The report addresses proposed legislation for subject area; privacy safeguards; restrictions on the use of social security numbers; credit freezes; consumer reports; and preemption. http://www.epic.org/privacy/idtheft/RL33273.pdf Remedies Available to Victims of Identity Theft, RL31919 (Jan. 23, 2007) (pdf). The report covers federal laws that help victims correct their credit records, as well as criminalize certain identity theft related activity. http://www.epic.org/privacy/idtheft/RL31919.pdf Identity Theft: State Penalties and Remedies and Pending Federal Bills, RS 22484 (Jan. 11, 2007) (pdf). The reports lists state laws that provide criminal and civil penalties for identity theft; credit freezes; and social security number privacy. http://www.epic.org/privacy/idtheft/RS22484.pdf Privacy Rights Clearinghouse Report: "Real ID Act Will Increase Exposure to ID Theft" In an alert posted on Feburary 28, Privacy Rights Clearinghouse reports that the REAL ID Act will increase individuals' exposure to ID theft. The report states that one difficulty that ID theft victims face is the presumption that the transactions completed in their name are legitimate. Real ID may strengthen that presumption, because victims would have to confront a perception that Real IDs are more secure and difficult to obtain fraudulently. The report further states that Real ID will create new opportunities for ID thieves, because the law creates a national database of scanned copies of birth certificates, Social Security cards, and any other documents that individuals present when they apply for a license, and it mandates a nationally standardized “machine-readable zone” that will let bars, merchants and other private parties scan personal data off licenses with greater ease than ever before, putting all that information into even greater circulation. Privacy Rights Clearinghouse Alert on REAL ID: http://www.privacyrights.org/ar/real_id_act.htm EPIC's page on National ID and REAL ID Act: http://www.epic.org/privacy/id_cards/ Hearing in the European Parliament on Passenger Name Records On March 26, the European Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) will hold a public seminar on Transatlantic Relations and Data Protection regarding passenger name record information, SWIFT financial data, and the Safe Harbour agreement. Growing EU concern about the privacy of personal data, particularly after the disclosure of the US' use of the Automated Targeting System on individuals, will weigh heavily in negotiations of a new EU-US passenger name record transfer agreement this spring. The European Parliament has adopted a Resolution on SWIFT, the PNR agreement and the transatlantic dialogue on these issues, which calls for Parliamentary involvement, greater transparency and the inclusion of redress measures in future agreements. European Parliament Hearings page: http://www.europarl.europa.eu/hearings/default_en.htm LIBE Committee on Civil Liberties, Justice and Home Affairs: http://www.europarl.europa.eu/committees/libe_home_en.htm European Parliament resolution on SWIFT, the PNR agreement and the transatlantic dialogue on these issues: http://www.epic.org/redirect/EPresolution030907.html EU-US Interim Agreement on the Transfer of Passenger Name Records (October 2006): http://www.eurunion.org/newsweb/HotTopics/PNRAgreemntOct06.pdf EPIC's page on EU-US Airline Passenger Data Disclosure: http://www.epic.org/privacy/intl/passenger_data.html EPIC's page on Passenger Profiling: http://www.epic.org/privacy/airtravel/profiling.html Canada lawmakers let anti-terror measures expire Two anti-terror measures adopted as part of Canada's response to the 9/11 expired last week. The opposition party defeated Prime Minister Stephen Harper's bid to extend the measures for three years. In their five years of existence, neither provision had ever been used. The measures empower authorities to arrest and detain suspects for three days without charge and to compel individuals with knowledge of terrorist activity to testify before a judge. The vote not to renew the provisions came only days after Canada's Supreme Court struck down a provision of the Immigration and Refugee Protection Act allowing the government to detain foreign terror suspects indefinitely while the courts review their deportation orders. The Anti-Terrorism Act (Bill C-36): http://canada.justice.gc.ca/en/anti_terr/act.html Charkaoui v. Canada (Citizenship and Immigration), 2007 SCC 9: http://scc.lexum.umontreal.ca/en/2007/2007scc9/2007scc9.html Canadian Survey on Identity Fraud The Canadian Strategic Counsel recently published its annual Fraud Prevention Report for 2006. The survey found that 86% of Canadians across all demographic groups consider marketing fraud to be a serious problem, a slightly higher rate than the 2005 survey. Almost the same number of respondents believes that identity theft is on the rise. 1 in 6 Canadians surveyed reported having been victimized by identity theft in 2006. However, few individuals make a significant effort to report or resolve the incident. The most common reasons for not taking action include that it requires too much effort to report, or the amount of money was not significant enough to bother. Canada's Privacy Commissioner has called for anti-spam legislation, noting that Canada is the only G-8 country without such a law. Canadian Strategic Counsel Fraud Prevention Report 2006 (pdf): http://www.epic.org/privacy/pdf/FraudPrevention030907.pdf EPIC's page on Identity Theft: http://www.epic.org/privacy/idtheft/ Report on the Use of Government Watch Lists The Constitution Project released a report entitled, "Promoting Accuracy and Fairness in the Use of Government Watch Lists," which includes a strong bipartisan call for protecting individual rights when the government uses terrorist watch lists. The report urges policymakers to promptly restrict the use of such watch lists, and adopt important reforms to govern the situations in which they are used. The report notes that the use of such lists extends well beyond airport security, and the recent revelation of the existence of an “Automated Targeting System” that gathers data on travelers and assigns computer generated risk scores further underscores the need for clear policy reform. The Constitution Project report “Promoting Accuracy and Fairness in the Use of Government Watch Lists" (pdf): http://www.epic.org/privacy/pdf/WatchLists030907.pdf EPIC's page on Passenger Profiling: http://www.epic.org/privacy/airtravel/profiling.html EPIC's Spotlight on Surveillance on the Automated Targeting System: http://www.epic.org/redirect/ATS030907.html 2007 National Freedom of Information Day Conference National FOI Day is an annual, daylong program of speaking and discussion by specialists in various aspects of freedom of information, updating developments in FOI over the preceding year. This year's conference, “Access: Oversight & Priorities,” held on March 16, will include discussions of government secrecy, publication of classified information and access priorities for the coming year. The American Library Association will present its annual James Madison Awards, and new reports and publications will be released. The ninth annual FOI Day Conference is sponsored by the First Amendment Center. Sunshine Week will co-sponsor the event, which will be held in cooperation with the American Library Association, OpenTheGovernment.org and the Coalition of Journalists for Open Government. First Amendment Center National FOI Day page: http://www.epic.org/redirect/FOIDay030907.html EPIC's FOIA Notes page: http://www.epic.org/foia_notes/ ======================================================================== [7] EPIC Bookstore: "Who Controls the Internet?" ======================================================================== "Who Controls the Internet: Illusions of a Borderless World" by Jack Goldsmith and Tim Wu (Oxford University Press 2006). http://www.powells.com/partner/24075/biblio/9780195152661 “Is the Internet truly "flattening" the modern world? Will national boundaries crumble beneath the ever-increasing volume of Internet traffic? Goldsmith and Wu, both professors of law (Goldsmith at Harvard, Wu at Columbia), think not, and they present an impressive array of evidence in their favor. The authors argue national governments will continue to maintain their sovereignty in the age of the Internet, largely because of economics: e-businesses - even giants such as Yahoo, Google and eBay - need governmental support in order to function. When Yahoo, an American company, was tried in French court for facilitating the auctioning of Nazi paraphernalia in violation of French law, the company was eventually forced to comply with local laws or risk losing the ability to operate in France. As eBay grew into an Internet powerhouse, its "feedback" system could not keep up with cunning con artists, so it hired hundreds of fraud prevention specialists (known as "eBay cops"). Goldsmith and Wu begin with an overview of the Internet's early days, replete with anecdotes and key historical chapters that will be unknown to many readers, but their book quickly introduces its main contention: that existing international law has the power to control the Internet, a conclusion web pundits, cyberlaw specialists and courts across the globe will inevitably challenge. Wu's and Goldsmith's account of the power struggle between the Utopian roots of the Internet and the hegemony of national governments is a timely chronicle of a history still very much in the works.” ================================ EPIC Publications: "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2005: An International Survey of Privacy Laws and Developments" (EPIC 2006). Price: $60. http://www.epic.org/bookstore/phr2005/phr2005.html This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 70 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2005 is the most comprehensive report on privacy and data protection ever published. ================================ "FOIA 2004: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price: $40. http://www.epic.org/bookstore/foia2004 This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 22nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https://mailman.epic.org/cgi-bin/control/foia_notes ======================================================================== [8] Upcoming Conferences and Events ======================================================================== RFID and Ubiquitous Computing. Trans Atlantic Consumer Dialogue. March 12, 2007. Brussels, Belgium. For more information: http://www.tacd.org/ 4th Annual Electronic Health Records Conference. Insight Information. March 13, 2007. Vancouver, Canada. For more information: http://www.privcom.gc.ca/events/index_e.asp Consumer Authentication: How Do You Know It Is Really Me? American Bar Association, Section of Business Law. March 16, 2007. Washington, DC. National FOI Day Conference. March 16, 2007. Washington DC. For more information: http://www.firstamendmentcenter.org Workshop on Surveillance & Inequality. Arizona State University. March 16-18, 2007. Tempe, Arizona. For more information: http://publicsurveillance.com/workshop.html Patient Privacy Coalition meeting. March 21, 2007. Washington DC. For more information contact Dr. Deborah Peel at: dpeelmd@patientprivacyrights.org Data Privacy and Integrity Advisory Committee meeting. Department of Homeland Security. March 21, 2007. Washington, DC. For more information contact: PrivacyCommittee@dhs.gov 5th Conference on Privacy and Public Access to Court Records. Center for Legal and Court Technology and Administrative Office of the United States Courts. March 22-23, 2007. Williamsburg, Virginia. For more information: http://www.courtaccess.org/ The Policy Challenges of Electronic Privacy. European Parliamentary Technology Assessment organization. March 28, 2007. Brussels, Belgium. For more information contact viwta@vlaamsparlement.be Communications event. American Bar Association. March 28, 2007. Washington DC. Privacy Coalition meeting. March 30, 2007. Washington DC. For information contact Lillie Coney at: coney@epic.org Proof Positive: New Directions for ID Authentication Public Workshop. Federal Trade Commission. April 23 and 24, 2007. Washington DC. For more information contact: idmworkshop@ftc.gov CFP2007: Computers, Freedom, and Privacy Conference. Association for Computing Machinery. May 2007. Montreal, Canada. For more information: http://www.cfp2007.org Conference on Interdisciplinary Studies in Information Privacy and Security. Rutgers University. May 22, 2007. New Brunswick. For more information: http://www.scils.rutgers.edu/ci/isips/ Privacy Compliance Conference. The Canadian Institute. May 30-31, 2007. Toronto, Canada. For more information: http://www.privcom.gc.ca/events/index_e.asp 29th International Conference of Data Protection and Privacy Commissioners. September 25-28, 2007. Montreal, Canada. For more information: http://www.privacyconference2007.gc.ca/Terra_Incognita_home_E.html ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================== Privacy Policy ======================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================== About EPIC ======================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ------------------------- END EPIC Alert 14.04 ------------------------- .