EPIC logo

  
========================================================================
                           E P I C  A l e r t
========================================================================
Volume 14.05                                              March 9, 2007
------------------------------------------------------------------------

                            Published by the
               Electronic Privacy Information Center (EPIC)
                            Washington, D.C.

             http://www.epic.org/alert/EPIC_Alert_14.05.html


========================================================================
Table of Contents
========================================================================
[1] After Long Delay, Regulations Issued for Flawed National ID Plan
[2] EPIC Testifies in Congress on Caller ID Spoofing
[3] Homeland Security Abandons Visitor Tagging Plan Criticized by EPIC
[4] FTC Report on Children's Online Privacy Protection Act
[5] State Department Issues Annual Human Rights Report
[6] News in Brief
[7] EPIC Bookstore: "Who Controls the Internet?"
[8] Upcoming Conferences and Events

========================================================================
[1] After Long Delay, Regulations Issued for Flawed National ID Plan
========================================================================

More than two years after Congress rushed through passage of the REAL ID
Act, the Department of Homeland Security announced proposed regulations
on March 1 that would turn the state driver's license into a national
identity card. The estimated cost of the plan could be as high as $23.1
billion, according to the federal government, and the national ID system
will increase security risks as well as the threats to personal privacy.

The federal agency claims that no national ID database will be created
under these regulations, because there will not be a single database
maintained by a federal agency. However, under the proposed regulations,
DHS will impose new requirements on state motor vehicle agencies so that
all state databases will be linked together. A national database with
personal information of 245 million license and state ID cardholders
across the country is a tempting target for identity thieves and other
criminals. Yet the regulations merely include the vague requirement that
states prepare a "comprehensive security plan" for REAL ID
implementation. DHS does not set minimum security or privacy standards
to protect a national database with sensitive personal information.

The creation of a national ID database under the REAL ID regulations
comes at a time when security breaches and identity theft are on the
rise. State DMVs already are the victims of outside attackers and
insider license-for-bribe schemes. For the seventh year in a row,
identity theft is the No. 1 concern of U.S. consumers, according to the
Federal Trade Commission's annual report. Over 104 million data records
of U.S. residents have been exposed due to security breaches since
January 2005, according to a report from the Privacy Rights
Clearinghouse.

The regulations also do not set adequate privacy and security standards
for the identification card. The agency is "lean[ing] toward" using a
two-dimensional bar code with encryption, but it does not require
encryption. Although Homeland Security lays out the privacy and security
problems associated with creating an unencrypted machine-readable zone
on the license, such as allowing third parties to easily download the
personal information on the license, it does not require encryption
because there are concerns about "operational complexity." Homeland
Security is also considering allowing radio frequency identification
(RFID) technology in the cards, which means the sensitive data would be
transmitted wirelessly and be vulnerable to interception by third
parties. However, Homeland Security just abandoned a plan to include
RFID chips in border identification documents because the pilot test was
a failure. There were multiple security and privacy problems with the
pilot program.

The REAL ID Act was appended to a bill providing tsunami relief and
military appropriations, and passed with little debate and no hearings.
It repealed provisions in the Intelligence Reform and Terrorism
Prevention Act of 2004, which contained "carefully crafted language --
bipartisan language -- to establish standards for States issuing
driver's licenses," Sen. Richard Durbin said at the time of REAL ID's
passage. In response to the draft regulations, Sen. Patrick Leahy said,
"It is ironic that we probably would have stronger drivers' licenses
today if the original shared rulemaking procedures that Congress agreed
to in 2004 had been allowed to move forward." Proposals to repeal Real
ID have been adopted in the states and introduced in Congress.

The draft regulations are open for comment until May 8, 2007. To take
action and talk to Congress about this ill-conceived identification
scheme, visit the Electronic Frontier Foundation's Take Action page:
http://www.epic.org/redirect/EFF030907

Department of Homeland Security's Notice of Proposed Rulemaking on REAL
ID:

     http://www.dhs.gov/xprevprot/laws/gc_1172765386179.shtm

Senator Leahy's Press Release In Response to REAL ID Regulations:

     http://leahy.senate.gov/press/200703/030107b.html

Privacy Rights Clearinghouse's Chronology of Data Breaches:

     http://www.privacyrights.org/ar/ChronDataBreaches.htm

EPIC's Testimony at Feb. 15, 2007, Hearing of the Maryland Senate
Judicial Proceedings Committee (pdf):

     http://www.epic.org/privacy/id_cards/ngo_test_021507.pdf

EPIC's page on National ID Cards and the REAL ID Act:

     http://www.epic.org/privacy/id_cards/

EPIC's page on Secure Flight:

     http://www.epic.org/privacy/airtravel/secureflight.html

EPIC's Spotlight on Surveillance on REAL ID:

     http://www.epic.org/privacy/surveillance/spotlight/0307

========================================================================
[2] EPIC Testifies in Congress on Caller ID Spoofing
========================================================================

In testimony before the House Commerce Committee, EPIC staff counsel
Allison Knight testified in support of H.R. 251, the Truth in Caller ID
Act of 2007. EPIC said the bill rightly distinguishes between the
appropriate and inappropriate uses of caller ID spoofing. EPIC testified
on similar legislation in 2006.

EPIC noted that while spoofing caller ID numbers can create a real risk
to individuals who might be defrauded or harmed by illegitimate uses of
this technology, there are also several legitimate uses of spoofing that
allow callers to limit the disclosure of their phone numbers in order to
protect their privacy and in some cases their safety. This includes
domestic violence survivors who are trying to reach family members and
do not want their location revealed. Survivors may also need to use
caller ID spoofing when calling companies that may have permissive
data-sharing policies and sell information to brokers. Caller ID
spoofing can also protect right of call recipients to be free from
pretexting and other fraud that can lead to the loss of their privacy,
and the threats of stalking, identity theft, and harassment.

EPIC pointed out that caller ID blocking isn't a complete solution for
those trying to maintain privacy because automatic number identification
systems and other technology can get around blocks, and some call
recipients refuse to accept blocked calls. The bill as currently drafted
addresses the privacy interests of both callers and call recipients by
including an intent requirement in the ban on caller ID spoofing, so
that spoofing is prohibited where it is clear that the person who does
not provide accurate identifying information intends to defraud or cause
harm.

By including an intent requirement the revised Truth in Caller ID Act of
2007 distinguishes between appropriate and inappropriate Caller ID
spoofing and also preserves legitimate law enforcement techniques.

EPIC also called for the Federal Communications Commission to
investigate the President's domestic surveillance program, and asked
Members to support EPIC's recommendation that the Commission undertake
an investigation of the possibly improper disclosure of telephone toll
records by the telephone companies that are subject to the privacy
obligations contained in the Communications Act.

EPIC's Testimony before the House Committee on Energy and Commerce on
the Truth in Caller ID Act of 2007 (pdf):

     http://www.epic.org/privacy/iei/hr251test.pdf

The Truth in Caller ID Act of 2007:

     http://thomas.loc.gov/cgi-bin/bdquery/z?d110:h.r.00251:

EPIC's page on Domestic Surveillance:

     http://www.epic.org/features/surveillance.html

========================================================================
[3] Homeland Security Abandons Visitor Tagging Plan Criticized by EPIC
========================================================================

Plans to use radio frequency identification (RFID) technology in the
US-VISIT border security system have been abandoned after pilot testing
failed, Department of Homeland Security Secretary Michael Chertoff
admitted in Congressional testimony on February 9th. A government report
released in January said testing of RFID tags embedded in I-94 documents
was unsuccessful. Chertoff said about the program, "I think, yes, we're
abandoning it. That's not going to be a solution."

In 2005, the Department of Homeland Security began testing RFID-enabled
I-94 forms in its United States Visitor and Immigrant Status Indicator
Technology (US-VISIT) program to track the entry and exit of visitors.
The RFID-enabled forms stored a unique identification number, which is
linked to data files containing foreign visitor's biographic
information, including name, date of birth, country of citizenship,
passport number and country of issuance, complete U.S. destination
address, and digital fingerscans.

EPIC has warned that the proposal to embed RFID tags in travel documents
places visitors to the United States at risk, citing the plan's lack of
basic privacy and security safeguards. In October 2005 comments to the
Department of Homeland Security, EPIC urged the Department to reject the
proposal. EPIC asserted that the timesaving benefits of RFID tag use
would be slight and significantly overshadowed by its privacy and
security risks. EPIC explained, as an invisible technology, RFID allows
a person's information to be accessed without his or her knowledge.
Anytime a visitor is carrying his I-94 RFID-enabled form, unauthorized
individuals could access his or her unique identification number, and
thus the biographic information linked to that number.

In a July 2006 report, the Department of Homeland Security's Inspector
General echoed EPIC's concerns, stating that the US-VISIT border
security program fails to protect data collected through the use of RFID
tags. The report found "security vulnerabilities that could be exploited
to gain unauthorized or undetected access to sensitive data" associated
with people who carried the RFID-enabled forms.

A report released by the Government Accountability Office in late
January identified numerous performance and reliability issues in
Department of Homeland Security's 15-month test.  The report detailed
the failure of RFID readers to detect a majority of visitors'
identification numbers. US-VISIT officials had set a target read rate at
70 percent, but a weeklong test demonstrated that RFID readers correctly
identified only 14 percent of identification numbers. Furthermore, the
report said that even if such performance and reliability issues were
addressed, questions remained about the program's future. The report
said that RFID failed to "meet a key goal of US-VISIT -- ensuring that
visitors who enter the country are the same ones who leave."
Essentially, the I-94 form could not guarantee that the person to whom
the form was issued would be the same individual exiting the country
with the form.

Government Accountability Office report (pdf):

     http://www.gao.gov/new.items/d07378t.pdf

DHS Inspector General Report (redacted) (pdf):

    http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_06-53_Jul06.pdf

EPIC's October 2005 comments to the Dept. of Homeland Security (pdf):

     http://www.epic.org/privacy/us-visit/100305_rfid.pdf

EPIC Guidelines on Commercial Use of RFID Technology (2004) (pdf):

     http://www.epic.org/privacy/rfid/rfid_gdlnes-070904.pdf

EPIC's page on RFID:

     http://www.epic.org/privacy/rfid/

EPIC's page on US-VISIT:

      http://www.epic.org/privacy/us-visit/

========================================================================
[4] FTC Report on Children's Online Privacy Protection Act
========================================================================

The Federal Trade Commission reports that the Child Online Privacy
Protection Act (COPPA) has been successful at protecting children's
privacy online.  The report concludes that no changes to the regulations
are warranted at this time, and that continuing enforcement with
increasing civil penalties against significant violations will
adequately deter unlawful conduct. The report was issued in according
with Congressional demands for a "rule review" after 5 years.

Congress enacted COPPA in 1998, and the FTC issued rules which became
effective in April of 2005.  COPPA requires explicit parental consent of
data collected on children under the age of 13; provides parents with
the ability to see the data that was collected; and allows consent to be
revoked and the data to be deleted.  COPPA enforcement is via a mixture
of FTC action and industry "safe harbor" self-regulation. The FTC has
certified certain self-regulatory bodies, and it will not prosecute
websites that comply with those bodies' standards.

The report identified the emerging issues of social networking sites and
convergence of technologies. Social networking sites are covered by
COPPA, but raise the new issue that the personal information is not
simply collected, but also presented to other viewers. Convergence of
technologies means that children will not be accessing the web solely on
personal computers, but also with wireless handhelds and other such
devices. This may make parental supervision more difficult.

EPIC filed comments for the report. In its comments, EPIC agreed that
COPPA had been successful in protecting children's privacy online. EPIC
also recommended more enforcement, in order to improve compliance and to
clarify regulatory standards. EPIC also recommended that the FTC begin
to look at cutting edge usability factors, in order to determine when
websites are "directed at children." Lastly, EPIC recommended that the
FTC take action to protect children's privacy offline.

FTC Report - Implementing COPPA - A Report to Congress (pdf):

     http://www.ftc.gov/reports/coppa/07COPPA_Report_to_Congress.pdf

EPIC Comments on COPPA:

     http://www.epic.org/privacy/kids/ftc_coppa_62705.html

EPIC's COPPA Page:

     http://www.epic.org/privacy/kids/

========================================================================
[5] State Department Issues Annual Human Rights Report
========================================================================

The US State Department has just released its annual human rights
report. The report, spanning over 1800 pages and over 180 countries,
describes the performance of governments in putting into practice their
international commitments on human rights reflected in the United
Nations Universal Declaration of Human Rights. Each country report
includes a section on privacy.

Privacy and freedom of expression issues are addressed in the report
mainly in the context of Internet censorship and surveillance. For
example, the report documents the arrest and detention of Internet
bloggers in Egypt and web journalists in China. Many countries passed
legislation requiring Internet cafes to record the identities of its
users and retain the data for law enforcement purposes.

The report also comments on limitations on Internet access. For example,
in Turkmenistan, no new accounts have been allowed in the capital since
September 2002; Vietnam forbids direct access to the Internet via
Internet Service Providers; and Iran blocks access to various foreign
news websites. Syria made use of its Emergency Law to censor citizens'
access to the Internet.

The report states that although Chinese legislation to protect privacy
exists, this was often ignored in practice in order to conduct
warrantless surveillance. Authorities monitored telephone conversations,
facsimile transmissions, e-mail, text messaging, and Internet
communications. Authorities also opened and censored domestic and
international mail. Interestingly, the US saw two similar developments
in the past year as concerning anti-terrorism investigation: the
revelation of its domestic surveillance program, which conducted
electronic surveillance on American citizens without judicial authority,
and the President's signing statement which purported to allow
warrantless search of mail.

Although the introduction acknowledges that the report was released at a
time when the United States' own record and actions taken have been
questioned, the report does not include a section on US human rights
performance.

US State Department Human Rights Report

     http://www.state.gov/g/drl/rls/hrrpt/2006/78766.htm

Privacy and Human Rights 2005

     http://www.powells.com/biblio/1893044254?&PID=24075 

========================================================================
[6] News in Brief
========================================================================

Secure Flight Five Years Behind Schedule, Delayed Until 2010

Implementation of Secure Flight, a federal passenger screening program,
will be delayed until 2010, at least five years behind schedule,
according to the Transportation Security Administration. Secure Flight
was designed to solve problems with people being mistakenly matched or
mistakenly listed on government terrorism watch lists. The program was
suspended a year ago after two government reports detailed security and
privacy problems. One report found 144 security vulnerabilities. About
$140 million has been spent on the program, and the TSA is seeking
another $80 million for proposed changes.

Government Accountability Office, Testimony on Secure Flight on Feb. 9,
2006 (pdf):

     http://www.gao.gov/new.items/d06374t.pdf

EPIC's page on Secure Flight:

     http://www.epic.org/privacy/airtravel/secureflight.html

Five New Congressional Research Service reports have become available

Congressional Oversight of Intelligence: Current Structure and
Alternatives, RL32525 (Feb. 15, 2007) (pdf). Among the alternatives this
report examines are the proposals in the 9/11 Commission Report for
creating a joint committee on intelligence or strengthening the
individual committees with authorization and appropriations power.

     http://www.fas.org/sgp/crs/intel/RL32525.pdf

Data Mining and Homeland Security: An Overview, RL 31798 (Jan. 18, 2007)
(pdf). The overview includes the major DHS data mining initiatives and
also notes limitations on the capability of data mining

     http://www.fas.org/sgp/crs/homesec/RL31798.pdf

Data Security: Federal Legislative Approaches, RL33273 (Jan. 25, 2007)
(pdf). The report addresses proposed legislation for  subject area;
privacy safeguards; restrictions on the use of social security numbers;
credit freezes; consumer reports; and preemption.

     http://www.epic.org/privacy/idtheft/RL33273.pdf
 
Remedies Available to Victims of Identity Theft, RL31919 (Jan. 23, 2007)
(pdf). The report covers federal laws that help victims correct their
credit records, as well as criminalize certain identity theft related
activity.

     http://www.epic.org/privacy/idtheft/RL31919.pdf

Identity Theft: State Penalties and Remedies and Pending Federal Bills,
RS 22484 (Jan. 11, 2007) (pdf). The reports lists state laws that
provide criminal and civil penalties for identity theft; credit freezes;
and social security number privacy.

     http://www.epic.org/privacy/idtheft/RS22484.pdf

Privacy Rights Clearinghouse Report: "Real ID Act Will Increase Exposure
to ID Theft"

In an alert posted on Feburary 28, Privacy Rights Clearinghouse reports
that the REAL ID Act will increase individuals' exposure to ID theft. 
The report states that one difficulty that ID theft victims face is the
presumption that the transactions completed in their name are
legitimate. Real ID may strengthen that presumption, because victims
would have to confront a perception that Real IDs are more secure and
difficult to obtain fraudulently. The report further states that Real ID
will create new opportunities for ID thieves, because the law creates a
national database of scanned copies of birth certificates, Social
Security cards, and any other documents that individuals present when
they apply for a license, and it mandates a nationally standardized
“machine-readable zone” that will let bars, merchants and other private
parties scan personal data off licenses with greater ease than ever
before, putting all that information into even greater circulation.

Privacy Rights Clearinghouse Alert on REAL ID:

     http://www.privacyrights.org/ar/real_id_act.htm

EPIC's page on National ID and REAL ID Act:

     http://www.epic.org/privacy/id_cards/

Hearing in the European Parliament on Passenger Name Records

On March 26, the European Parliament Committee on Civil Liberties,
Justice and Home Affairs (LIBE) will hold a public seminar on
Transatlantic Relations and Data Protection regarding passenger name
record information, SWIFT financial data, and the Safe Harbour
agreement. Growing EU concern about the privacy of personal data,
particularly after the disclosure of the US' use of the Automated
Targeting System on individuals, will weigh heavily in negotiations of a
new EU-US passenger name record transfer agreement this spring. The
European Parliament has adopted a Resolution on SWIFT, the PNR agreement
and the transatlantic dialogue on these issues, which calls for
Parliamentary involvement, greater transparency and the inclusion of
redress measures in future agreements.

European Parliament Hearings page:

     http://www.europarl.europa.eu/hearings/default_en.htm

LIBE Committee on Civil Liberties, Justice and Home Affairs:

     http://www.europarl.europa.eu/committees/libe_home_en.htm

European Parliament resolution on SWIFT, the PNR agreement and the
transatlantic dialogue on these issues:

     http://www.epic.org/redirect/EPresolution030907.html

EU-US Interim Agreement on the Transfer of Passenger Name Records
(October 2006):

     http://www.eurunion.org/newsweb/HotTopics/PNRAgreemntOct06.pdf

EPIC's page on EU-US Airline Passenger Data Disclosure:

     http://www.epic.org/privacy/intl/passenger_data.html

EPIC's page on Passenger Profiling:

     http://www.epic.org/privacy/airtravel/profiling.html

Canada lawmakers let anti-terror measures expire

Two anti-terror measures adopted as part of Canada's response to the
9/11 expired last week.  The opposition party defeated Prime Minister
Stephen Harper's bid to extend the measures for three years. In their
five years of existence, neither provision had ever been used. The
measures empower authorities to arrest and detain suspects for three
days without charge and to compel individuals with knowledge of
terrorist activity to testify before a judge. The vote not to renew the
provisions came only days after Canada's Supreme Court struck down a
provision of the Immigration and Refugee Protection Act allowing the
government to detain foreign terror suspects indefinitely while the
courts review their deportation orders.

The Anti-Terrorism Act (Bill C-36):

     http://canada.justice.gc.ca/en/anti_terr/act.html

Charkaoui v.  Canada (Citizenship and Immigration), 2007 SCC 9:

     http://scc.lexum.umontreal.ca/en/2007/2007scc9/2007scc9.html

Canadian Survey on Identity Fraud

The Canadian Strategic Counsel recently published its annual Fraud
Prevention Report for 2006. The survey found that 86% of Canadians
across all demographic groups consider marketing fraud to be a serious
problem, a slightly higher rate than the 2005 survey.  Almost the same
number of respondents believes that identity theft is on the rise. 1 in
6 Canadians surveyed reported having been victimized by identity theft
in 2006. However, few individuals make a significant effort to report or
resolve the incident. The most common reasons for not taking action
include that it requires too much effort to report, or the amount of
money was not significant enough to bother. Canada's Privacy
Commissioner has called for anti-spam legislation, noting that Canada is
the only G-8 country without such a law.

Canadian Strategic Counsel Fraud Prevention Report 2006 (pdf):

     http://www.epic.org/privacy/pdf/FraudPrevention030907.pdf

EPIC's page on Identity Theft:

     http://www.epic.org/privacy/idtheft/

Report on the Use of Government Watch Lists

The Constitution Project released a report entitled, "Promoting Accuracy
and Fairness in the Use of Government Watch Lists," which includes a
strong bipartisan call for protecting individual rights when the
government uses terrorist watch lists. The report urges policymakers to
promptly restrict the use of such watch lists, and adopt important
reforms to govern the situations in which they are used. The report
notes that the use of such lists extends well beyond airport security,
and the recent revelation of the existence of an “Automated Targeting
System” that gathers data on travelers and assigns computer generated
risk scores further underscores the need for clear policy reform.

The Constitution Project report “Promoting Accuracy and Fairness in the
Use of Government Watch Lists" (pdf):

     http://www.epic.org/privacy/pdf/WatchLists030907.pdf

EPIC's page on Passenger Profiling:

     http://www.epic.org/privacy/airtravel/profiling.html

EPIC's Spotlight on Surveillance on the Automated Targeting System:

     http://www.epic.org/redirect/ATS030907.html

2007 National Freedom of Information Day Conference

National FOI Day is an annual, daylong program of speaking and
discussion by specialists in various aspects of freedom of information,
updating developments in FOI over the preceding year. This year's
conference, “Access: Oversight & Priorities,” held on March 16, will
include discussions of government secrecy, publication of classified
information and access priorities for the coming year. The American
Library Association will present its annual James Madison Awards, and
new reports and publications will be released. The ninth annual FOI Day
Conference is sponsored by the First Amendment Center. Sunshine Week
will co-sponsor the event, which will be held in cooperation with the
American Library Association, OpenTheGovernment.org and the Coalition of
Journalists for Open Government.

First Amendment Center National FOI Day page:

     http://www.epic.org/redirect/FOIDay030907.html

EPIC's FOIA Notes page:

     http://www.epic.org/foia_notes/

========================================================================
[7] EPIC Bookstore: "Who Controls the Internet?"
========================================================================

"Who Controls the Internet: Illusions of a Borderless World" by
Jack Goldsmith and Tim Wu (Oxford University Press 2006).

     http://www.powells.com/partner/24075/biblio/9780195152661

“Is the Internet truly "flattening" the modern world? Will national
boundaries crumble beneath the ever-increasing volume of Internet
traffic? Goldsmith and Wu, both professors of law (Goldsmith at Harvard,
Wu at Columbia), think not, and they present an impressive array of
evidence in their favor. The authors argue national governments will
continue to maintain their sovereignty in the age of the Internet,
largely because of economics: e-businesses - even giants such as Yahoo,
Google and eBay - need governmental support in order to function. When
Yahoo, an American company, was tried in French court for facilitating
the auctioning of Nazi paraphernalia in violation of French law, the
company was eventually forced to comply with local laws or risk losing
the ability to operate in France. As eBay grew into an Internet
powerhouse, its "feedback" system could not keep up with cunning con
artists, so it hired hundreds of fraud prevention specialists (known as
"eBay cops"). Goldsmith and Wu begin with an overview of the Internet's
early days, replete with anecdotes and key historical chapters that will
be unknown to many readers, but their book quickly introduces its main
contention: that existing international law has the power to control the
Internet, a conclusion web pundits, cyberlaw specialists and courts
across the globe will inevitably challenge. Wu's and Goldsmith's account
of the power struggle between the Utopian roots of the Internet and the
hegemony of national governments is a timely chronicle of a history
still very much in the works.”

================================

EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2005: An International Survey of Privacy Laws
and Developments" (EPIC 2006). Price: $60.
http://www.epic.org/bookstore/phr2005/phr2005.html

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
70 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2005 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40.
http://www.epic.org/bookstore/foia2004

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 22nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/features/epic/epic.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

RFID and Ubiquitous Computing. Trans Atlantic Consumer Dialogue. March
12, 2007. Brussels, Belgium. For more information:
http://www.tacd.org/

4th Annual Electronic Health Records Conference. Insight Information. 
March 13, 2007. Vancouver, Canada. For more information:
http://www.privcom.gc.ca/events/index_e.asp

Consumer Authentication: How Do You Know It Is Really Me? American Bar
Association, Section of Business Law. March 16, 2007. Washington, DC.

National FOI Day Conference. March 16, 2007. Washington DC. For more
information: http://www.firstamendmentcenter.org

Workshop on Surveillance & Inequality. Arizona State University. March
16-18, 2007. Tempe, Arizona. For more information:
http://publicsurveillance.com/workshop.html

Patient Privacy Coalition meeting. March 21, 2007. Washington DC. For
more information contact Dr. Deborah Peel at:
dpeelmd@patientprivacyrights.org

Data Privacy and Integrity Advisory Committee meeting. Department of
Homeland Security. March 21, 2007. Washington, DC.  For more information
contact: PrivacyCommittee@dhs.gov

5th Conference on Privacy and Public Access to Court Records. Center for
Legal and Court Technology and Administrative Office of the United
States Courts. March 22-23, 2007. Williamsburg, Virginia. For more
information:
http://www.courtaccess.org/

The Policy Challenges of Electronic Privacy.  European Parliamentary
Technology Assessment organization.  March 28, 2007.  Brussels, Belgium.
For more information contact viwta@vlaamsparlement.be

Communications event. American Bar Association. March 28, 2007.
Washington DC.

Privacy Coalition meeting. March 30, 2007. Washington DC. For
information contact Lillie Coney at: coney@epic.org

Proof Positive: New Directions for ID Authentication Public Workshop.
Federal Trade Commission. April 23 and 24, 2007. Washington DC. For more
information contact: idmworkshop@ftc.gov

CFP2007: Computers, Freedom, and Privacy Conference. Association for
Computing Machinery. May 2007. Montreal, Canada. For more information:
http://www.cfp2007.org

Conference on Interdisciplinary Studies in Information Privacy and
Security. Rutgers University. May 22, 2007. New Brunswick. For more
information: http://www.scils.rutgers.edu/ci/isips/

Privacy Compliance Conference. The Canadian Institute.  May 30-31, 2007.
Toronto, Canada.  For more information:
http://www.privcom.gc.ca/events/index_e.asp

29th International Conference of Data Protection and Privacy
Commissioners. September 25-28, 2007.  Montreal, Canada. For more
information:
http://www.privacyconference2007.gc.ca/Terra_Incognita_home_E.html

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 14.04 -------------------------

.