========================================================================
                           E P I C  A l e r t
========================================================================
Volume 14.06                                             March 22, 2007
------------------------------------------------------------------------

                            Published by the
               Electronic Privacy Information Center (EPIC)
                            Washington, D.C.

             http://www.epic.org/alert/EPIC_Alert_14.06.html


========================================================================
Table of Contents
========================================================================
[1] Inspector General Discloses National Security Letter Misuse
[2] EPIC Testifies in Congress on Combatting Pretexting
[3] ICANN Committee Endorses Privacy Safeguards for WHOIS Data
[4] EPIC Appears Before Homeland Security Committee on REAL ID
[5] EPIC Opposes New ID Requirements for Voters
[6] News in Brief
[7] EPIC Bookstore: "The Hidden Face of Technology"
[8] Upcoming Conferences and Events

========================================================================
[1] Inspector General Discloses National Security Letter Misuse
========================================================================

On March 9, 2007, the Department of Justice Office of the Inspector
General (OIG) issued a report on the FBI's use of the National Security
Letter (NSL) authority.  National Security Letters represent an
extraordinary search procedure that permits the FBI to compel the
disclosure of records held by banks, telephone companies, and others
without judicial oversight. Recipients of these requests are forbidden
to reveal that they have received the request. NSLs have existed since
1986, but the Patriot Act's section 505 expanded the scope of whose
records could be reached with an NSL as well as the number of personnel
at the FBI that could issue them. NSL requests grew from an average of
8,500 a year to 40,000 in 2003, 56,000 in 2004, and 47,000 in 2005.

The FBI is required to report to Congress on the number of NSLs issued;
the OIG found that the FBI underreported this number. The OIG review
looked at 77 case files containing 293 NSLs out of a population of
140,000 during the 2003-2005 period. This review found that there were
17% more NSLs in the sample of case files than in FBI reporting
databases.  Delays in data entry also caused about 4,600 NSLs to not be
reported to Congress. The OIG concluded that the FBI database
significantly understates the number of NSL requests issued, and that
Congress has been misinformed about the scale of the usage of the NSL
authority.

The report also found significant violations of law and regulations. 
Violations are supposed to be self-reported by the FBI to the
Intelligence Oversight Board.  During the 3-year period in question, the
FBI self-reported 26 violations out of the 140,000 NSLs issued.  The OIG
found 22 potential violations out of the sample of 293 NSLs it reviewed.
This indicates that large numbers of violations are not being
self-reported, as the OIG found that 22 percent of the files it
investigated contained possible violations.

The OIG also found over 700 "exigent letters," which are not authorized
by statute and some of which appear to have been issued when no exigency
or emergency existed. These letters requested records from telephone
companies and promised that proper subpoenas had been submitted or would
follow. However, the OIG found no confirmation that subpoenas, National
Security Letters, or other proper process did follow or had in fact been
submitted. In 2005, EPIC uncovered documents concerning National
Security Letters that revealed violations of law reported to the
Intelligence Oversight Board.

Office of the Inspector General's Report (pdf):

     http://www.usdoj.gov/oig/special/s0703b/final.pdf

EPIC's Patriot Act Page:

     http://www.epic.org/privacy/terrorism/usapatriot/


========================================================================
[2] EPIC Testifies in Congress on Combatting Pretexting
========================================================================

In testimony before the House Energy and Commerce Committee on March 9,
EPIC Executive Director Marc Rotenberg testified in support of H.R. 936,
the Prevention of Fraudulent Access to Phone Records Act.  The Act would
increase privacy protections for phone records, and has received strong
support from Democratic and Republican committee members alike. In
its testimony, EPIC stressed that action in this area is overdue.

In August 2005, EPIC petitioned the Federal Communications Commission
(FCC) to initiate a rulemaking to enhance security protections for
individuals' phone records. The FCC endorsed EPIC's petition in February
2006.  Yet, after more than a year has passed, there has been no
proposal from the FCC setting forth clear standards for telephone record
privacy.  The Prevention of Fraudulent Access to Phone Records Act would
begin to address the challenges the FCC has been unwilling or unable to
address.

At issue is the security of customer proprietary network information
(CPNI).  CPNI includes calling history and activity, billing records,
and unlisted telephone numbers of service subscribers.  CPNI can only be
released in limited circumstances, but the security of this data has
been compromised in recent years through the use of "pretexting," the
practice of online data brokers and private investigators accessing
personal information by pretending to be the account holder. The
Prevention of Fraudulent Access to Phone Records Act would strengthen a
telecommunication carrier's obligations to only disclose CPNI to its
owner or to authorized users.  Additionally, the Act requires the FCC to
prescribe regulations adopting more stringent security standards for
CPNI to detect and prevent violations of the Act by telecommunications
carriers.

The matters on which the Act requires the FCC to set forth rules
include: timely notice to a customer if his or her data has been
compromised; requiring telecommunications carriers to keep a record of
each time a customer's record is requested, including how that person's
authority to access the information was verified; and requiring
telecommunications carriers to establish "appropriate" standards to
ensure security of CPNI.  The Act further recommends that the FCC
issue regulations on even stronger security measures, such as encryption
of data and data destruction after a certain period.  In its testimony,
EPIC strongly advocated for these measures, as it had done in its August
2005 petition.

EPIC also called for the Federal Communications Commission to
investigate the issue of whether telephone companies violated the
federal Communications Act when they disclosed the records of American
citizens to the government without judicial oversight.

EPIC's Testimony before the House Energy and Commerce Committee on the
Prevention of Fraudulent Access to Phone Records Act (pdf):

     http://www.epic.org/privacy/iei/roten_hcom0307.pdf

The Prevention of Fraudulent Access to Phone Records Act of 2007:

     http://thomas.loc.gov/cgi-bin/query/z?c110:H.R.936.IH:

EPIC's August 2005 Petition to the FCC:

     http://epic.org/privacy/iei/cpnipet.html

FCC's Feb. 2006 Press Release on Rulemaking (pdf):

     http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-263765A1.pdf

EPIC's page on Phone Record Security:

     http://epic.org/privacy/iei/


========================================================================
[3] ICANN Committee Endorses Privacy Safeguards for WHOIS Data
========================================================================

On March 12, 2007, the Internet Corporation for Assigned Names and
Numbers (ICANN)'s WHOIS task force issued its Final Report on WHOIS
Services. The task force considered two different approaches to limiting
the public availability of WHOIS data, and endorsed the Operational
Point of Contact (OPoC) proposal, which would remove registrants'
mailing addresses, phone and fax numbers and email addresses from the
WHOIS database, and replace this information with an "operational point
of contact" who would contact the registrant in the case of an issue
with the domain name.

EPIC submitted comments to ICANN supporting the Operational Point of
Contact proposal to limit access to registrants' information.  EPIC
stressed that current WHOIS policies requiring the publication of
personal information conflict with national privacy laws, and reach
beyond the original technical purpose of WHOIS, putting individual
registrants at risk of spamming, phishing, and identity theft. However,
EPIC also stated that while the OPoC proposal does provide more privacy
safeguards than currently exist, it does not go far enough. According to
EPIC, registrants' names and/or countries should be removed from public
access, because anonymous registration of domain names may be critical
for political, artistic and religious expression.

The OPoC proposal met with much resistance from the intellectual
property community, which considers WHOIS data an important tool for
trademark enforcement and investigation of infringing and/or fraudulent
web sites. The OPoC proposal's initiators acknowledged EPIC's statement
that the name and country of registrants should also be removed, but
stated that "in the interests of preserving the existing compromises"
made by the task force, the name and country information will remain
publicly available.

Also on March 12, the Article 29 Working Party issued a letter to ICANN
expressing its support of the OPoC. Similar to EPIC's comments, the
Working Party pointed to conflicts between current WHOIS practice and EU
legislation and international guidelines, and concluded that
non-commercial users' names and countries should only be published with
consent.

The Final Report will be discussed at the upcoming public ICANN meetings
in Lisbon on March 26-30, 2007.  The GNSO Council will then make a
policy recommendation to the ICANN Board.

Final Task Force Report on WHOIS Services:

     http://www.epic.org/redirect/whois0307.html

Article 29 Working Party Letter to ICANN (pdf):

     http://gnso.icann.org/correspondence/schaar-to-cerf-12mar07.pdf

EPIC's Comments on Preliminary Task Force Report:

     http://www.epic.org/privacy/whois/comments.html

EPIC's WHOIS page:

     http://www.epic.org/privacy/whois/


========================================================================
[4] EPIC Appears Before Homeland Security Committee on REAL ID
========================================================================

At a Department of Homeland Security Data Privacy and Integrity Advisory
Committee meeting on Wednesday, EPIC and other groups explained the many
security, financial and privacy costs created by the REAL ID Act and its
proposed implementation regulations. On March 1, more than two years
after Congress rushed through passage of the REAL ID Act, the Department
of Homeland Security announced proposed regulations that would turn the
state driver's license into a national identity card. The estimated cost
of the plan could be as high as $23.1 billion, according to the federal
government.

At the hearing, EPIC, officials from the Department of Homeland
Security, the ACLU, the Center for Democracy and Technology, the states
of Massachusetts and Texas, and the National Governors Association
testified about the proposed regulations. All those who testified, with
the exception of representatives from DHS, discussed various problems
created by the proposed regulations. Melissa Ngo, Director of EPIC's
Identification and Surveillance Project, said, "the biggest problem is
the failure to establish adequate privacy and security safeguards in a
system to identify 245 million license and ID cardholders nationwide."

EPIC, ACLU and CDT explained that the ubiquity of state driver's
licenses and ID cards, the mandate that only REAL ID cards will be used
for federal purposes, and the universal design for non-REAL ID cards
discussed in the proposed regulations add up to a national ID card and
an atmosphere where people without such cards will be looked upon with
suspicion. Ngo said, "We already see this with states that have rejected
REAL ID implementation … and other critics of the REAL ID Act and
proposed regulations have been labeled anti-security. It is not
anti-security to reject a national identification system that does not
add to our security protections."

Jonathan Frenkel, DHS Senior Policy Adviser, admitted in his testimony
that it will be possible to circumvent the REAL ID system's security,
because every system can be compromised. This universal vulnerability of
any centralized system of identification, such as the proposed scheme,
increases the risk of criminals doing an end-run around the system, Ngo said.
"Several layers of security protect you more than one universal layer,
such as a national ID card," she said.

Barry Steinhardt, Director of the ACLU's Technology & Liberty Program,
described the many ways in which the proposed regulations failed to
address security and privacy concerns. ACLU found that the regulations
"solve only 9 percent of problems with the act that have been
identified." He said the regulations failed to address, among other
things, threats to the safety of individuals, such as domestic violence
victims, from the "principal address" requirement. Sophia Cope, Staff
Attorney at the Center for Democracy and Technology, explained that the
national database and unencrypted machine-readable zone would lead to a
massive expansion of data-gathering by third parties, such as clubs or
insurance companies. This would greatly increase the risk of identity
theft, and increase the possibility of mission creep. Department of
Homeland Security Secretary Michael Chertoff has discussed the
possibility of broadly expanding the use of REAL ID cards. He said they
might "be used for a whole host of other purposes where you now have to
carry different identification."

During the question and answer period, several committee members
expressed concern about the possible security and privacy threats.
Committee member Neville Pattinson said that security and privacy
questions about the machine-readable zone technology, which allows data
to be directly downloaded, are not "question[s] of encryption, but of
accessibility and who should have access to it." Committee member Ana
Anton noted that privacy and security are not independent of each other.
"Privacy is an operational consideration … the cost is far greater if we
don't design [privacy safeguards] from the start."

The proposed REAL ID implementation regulations are open for comment
until May 8, 2007. To take action and talk to Congress about this
ill-conceived identification scheme, visit the Electronic Frontier
Foundation's Take Action page: http://www.epic.org/redirect/EFF030907

DHS Data Privacy and Integrity Advisory Committee:

     http://www.dhs.gov/xinfoshare/committees/gc_1161274938888.shtm

DHS's Notice of Proposed Rulemaking on REAL ID:

     http://www.dhs.gov/xprevprot/laws/gc_1172765386179.shtm

DHS Privacy Office's Privacy Impact Assessment of the Proposed
Regulations (pdf):

     http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_realid.pdf

EPIC's Testimony at March 21, 2007 Meeting of DHS Data Privacy and
Integrity Advisory Committee (pdf):

     http://www.epic.org/privacy/id_cards/ngo_test_032107.pdf

CDT's Testimony at March 21, 2007 Meeting of DHS Data Privacy and
Integrity Advisory Committee:

     http://www.cdt.org/testimony/

ACLU's Real ID Scorecard:

     http://www.realnightmare.org/resources/106/

National Governors Association's Page on REAL ID:

     http://www.epic.org/redirect/nga0307.html

EPIC's Spotlight on Surveillance on REAL ID Regulations:

     http://www.epic.org/privacy/surveillance/spotlight/0307

EPIC's page on National ID Cards and the REAL ID Act:

     http://www.epic.org/privacy/id_cards/


========================================================================
[5] EPIC Opposes New ID Requirements for Voters
========================================================================

The House Committee on the Judiciary held a hearing entitled,
"Protecting the Right to Vote: Election Deception and Irregularities in
Recent Federal Elections," on March 7, 2007. The hearing took testimony
from several members of Congress, including Senators Obama and Cardin as
well as Congresspersons Emanuel, Sanchez, King and Bilbray.

Both the Senate and the House of Representatives introduced bills that
define election engagement activity as a "deceptive practice" if it is
known that the "communication is false information."  Penalties for
deceptive campaign practices would include a felony charge and an
increased penalty of up to $250,000 or five years' imprisonment.

Some of the deceptive campaign tactics used in recent elections include:
auto-dialers that provided inaccurate information on polling locations
to voters; direct mail that warned naturalized individuals and voters
with Hispanic surnames of criminal penalties should they vote; and
leaflets that implied community leaders' support for candidates that
were not factual.

Other issues raised during the hearing included the charge of voter
identity fraud and the need to increase voter identification
requirements. Recently, several proposals have been advanced at both the
federal and state level to change existing election administration
regulations to require eligible electors to provide proof of citizenship
in order to register to vote and/or present a form of photo
identification in order to cast a ballot.  The approved forms of proof
of citizenship or photo identification vary across jurisdictions but, in
general, the options are limited to a few government-issued documents.

EPIC submitted a statement for the hearing record that said, "[t]he
notable increase of disinformation and misinformation efforts directed
at otherwise eligible voters to impede their decision to vote in public
elections is disturbing.  Further, the idea of voter identity theft
raises alarm about the security and integrity of the voter registration
and ballot casting process."  However, "EPIC finds the ideas of proof of
citizenship and photo identification requirements an extreme approach to
a yet undefined problem that has yet to be acknowledged by election
administration professionals or state attorneys generals as a pressing
issue."

EPIC's Testimony before the House Committee of the Judiciary on
“Protecting the Right to Vote” (pdf):

     http://www.epic.org/privacy/voting/epic_voter_id_comments.pdf

Judiciary Committee Hearing “Protecting the Right to Vote: Election
Deception and Irregularities in Recent Federal Elections”:

     http://judiciary.house.gov/oversight.aspx?ID=279

Senate Resolution 453, Deceptive Practices and Voter Intimidation
Prevention Act of 2007 (pdf):

     http://votingintegrity.org/pdf/s453.pdf

House Resolution 1281, Deceptive Practices and Voter Intimidation
Prevention Act of 2007 (pdf):

     http://www.epic.org/privacy/voting/hr1281.pdf

National Committee for Voting Integrity:

     http://votingintegrity.org/

EPIC's Voting Privacy Page:

     http://www.epic.org/privacy/voting/


========================================================================
[6] News in Brief
========================================================================

Google Announces Data Retention Policy

Google Inc. announced its new data retention policy last week.   Google
stated that it will partly obscure the IP address associated with its
users' searches after somewhere between 18 and 24 months, "unless
legally required to retain the data for longer." Previously, said
Google, "we kept this data for as long as it was useful." The
information on specific searches will remain indefinitely but it will be
harder to tie searches to specific individuals or computers. The 18-24
month retention period represents the maximum period of data retention
currently adopted in the EU Directive on Mandatory Retention of
Communications Traffic Data. The US has not yet legislated on data
retention periods, but bill H.R. 837, introduced in the House on
February 6, 2007, would require the Attorney General to issue
regulations governing the retention of records by Internet Service
Providers.

EU Directive on Mandatory Retention of Communications Traffic Data:

     http://www.epic.org/redirect/eudirective0307.html

H.R. 837, Internet Stopping Adults Facilitating the Exploitation of
Today's Youth Act (SAFETY) of 2007:

     http://thomas.loc.gov/cgi-bin/bdquery/z?d110:h.r.00837:

EPIC's Data Retention page:

     http://www.epic.org/privacy/intl/data_retention.html


DHS Privacy Office Assesses Proposed REAL ID Regulations

The Department of Homeland Security Privacy Office has released its
Privacy Impact Assessment of the proposed regulations to implement the
REAL ID Act, which mandates federal requirements for state driver's
licenses and requires state DMVs to verify identification documents,
such as birth certificates. The Assessment "examines the manner and
method by which the personal information of American drivers and ID
holders will be collected, used, disseminated, and maintained pursuant
to the proposed [regulations]." Notably, the proposed regulations do not
mandate encryption technology to protect the privacy and security of
personal data, even though the Privacy Office recommends such technology
in its assessment.

DHS Privacy Office's Privacy Impact Assessment of the Proposed
Regulations (pdf):

     http://www.dhs.gov/xlibrary/assets/privacy/privacy_pia_realid.pdf

EPIC's page on National ID Cards and the REAL ID Act:

     http://www.epic.org/privacy/id_cards/


European Commission Report Discusses Public Knowledge of RFID Use

A new report from the European Commission reviewed a poll of 2,190
respondents from European Union member-states concerning the use of
radio frequency identification technology. "Overall, 60% of respondents
feel that there is insufficient information available to make an
informed analysis of RFID technologies," the report said. The report
also looked at privacy questions, and found that "privacy is seen as
being more than just the security of the devices or the protection of
the personal data per se (integrity, illegal access, etc.). It extends
to the use of personal data in networks; its storage, collection and how
it is linked to different sources," (emphasis in original). The report
is one of the first steps in the European Commission's plan to develop
guidelines for the use of RFID by government agencies and commercial
businesses. In December, a report from the U.S. Department of Homeland
Security Data Privacy and Integrity Advisory Committee urged against
using RFID technology unless it is the "least intrusive means to
achieving departmental objectives."

European Commission Report: Results of the Public Online Consultation on
Future Radio Frequency Identification Technology Policy (pdf):

     http://www.epic.org/redirect/eurfid0307.html

Department of Homeland Security, Data Privacy and Integrity Advisory
Committee, The Use of RFID for Human Identity Verification (Report No.
2006-02) (Dec. 6, 2006) (pdf):

     http://www.epic.org/redirect/dhsrfid0307.html

EPIC's Page on RFID:

     http://www.epic.org/privacy/rfid/


Senate Fails to Establish Independence for Privacy Oversight Board

Bill S.4, Improving America's Security Act of 2007, passed by the Senate
last week, purports to implement unfinished recommendations of the 9/11
Commission. However, the bill fails to establish independence for the
Privacy and Civil Liberties Oversight Board, which is currently within
the Executive Office of the President. EPIC recommended stronger
oversight mechanisms for the Board, consistent with the recommendations
of the 9-11 Commission Report, in its testimony before the 9/11
Commission. The House has introduced the Implementing the 9/11
Commission Recommendations Act of 2007, H.R.1, that would make the
Privacy Board into an independent agency, require Senate confirmation of
all members, and establish subpoena authority and reporting
requirements.  The measure passed the House of Representatives on
January 9, 2007.

S.4, Improving America's Security Act of 2007:

     http://thomas.loc.gov/cgi-bin/bdquery/z?d110:s.00004:

H.R.1, Implementing the 9/11 Commission Recommendations Act of 2007:

     http://thomas.loc.gov/cgi-bin/query/z?c110:H.R.+1:

EPIC's Testimony Before 9/11 Commission (pdf):

     http://www.epic.org/privacy/terrorism/911commtest.pdf

EPIC's Report on Oversight:

     http://papers.ssrn.com/sol3/papers.cfm?abstract_id=933690


EPIC Calls on Congress to Withdraw Abused NSL Authority

In a letter to the Senate Judiciary Committee, EPIC recommended that
Congress repeal the National Security Letter authority. National
Security Letters permit the FBI to compel the disclosure of records held
by banks, telephone companies, and others without judicial oversight. In
2005, EPIC uncovered documents concerning National Security Letters that
revealed violations of law reported to the Intelligence Oversight Board.
More recently, the Office of Inspector General reported serious misuse
of the power at the FBI.

EPIC's Letter to Committee of the Judiciary:

     http://www.epic.org/privacy/pdf/nsl_letter.pdf

EPIC Patriot Act Page:

     http://www.epic.org/privacy/terrorism/usapatriot/


========================================================================
[7] EPIC Bookstore: "The Hidden Face of Technology"
========================================================================

The Hidden Face of Technology: Is Technology Turning Britain into a
Fascist State? By Philip N. Thompson (Frogeye Publications 2006).

     http://www.powells.com/partner/42075/biblio/9780955304019

Thompson understands technology, and knows that it raises issues not
simply about the inventions themselves, but about how society uses, and
forms around, new technologies. He also knows that surveillance is being
put in place in democratic countries by design: while many "think of a
surveillance society as something sinister and of dictatorships
reminiscent of Cold War countries such as Russia and East Berlin… the
surveillance society is more a result of the modern organizational
practices of businesses, government and the military." The "hidden face"
of technology then, is represented by the people directing, controlling,
and using technology to monitor.  Individuals may or may not see the
Radio Frequency Identification (RFID) tag on an item in the store;
however, the tag allows a system to surreptitiously track and profile
individuals based on that RFID tag.  Thompson gives the example of a
system that outputs -- in real time -- the percentage probability that
someone in a given store is planning on stealing a packet of Mach3
razors! We may see the technology, we may be told it exists, and we may
be told of its consequences.

The book's sixteen chapters each cover a different privacy topic, such
as: video surveillance; biometrics; communications and email monitoring;
cell phones; and supermarket loyalty cards. He describes the various
stakeholder interests in deploying each technology, such as the
constable who wants cameras reading license plates every few miles on
the road. Thompson gives examples, real or imagined, of the threats to
privacy and security that these systems create.  Each chapter describes
the technology and the threats faced in straightforward terms, and
provides URLs for resources on each topic. Thompson also adds a quick
overview of privacy in Britain. The book serves both as a comprehensive
introduction for beginners as well as a useful resource for those with
more experience in privacy issues.

-- Guilherme Roschke

================================

EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2005: An International Survey of Privacy Laws
and Developments" (EPIC 2006). Price: $60.
http://www.epic.org/bookstore/phr2005/phr2005.html

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
70 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2005 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40.
http://www.epic.org/bookstore/foia2004

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 22nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/features/epic/epic.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

5th Conference on Privacy and Public Access to Court Records. Center for
Legal and Court Technology and Administrative Office of the United
States Courts. March 22-23, 2007. Williamsburg, Virginia. For more
information:
http://www.courtaccess.org/

The Policy Challenges of Electronic Privacy.  European Parliamentary
Technology Assessment organization.  March 28, 2007.  Brussels, Belgium.
For more information contact viwta@vlaamsparlement.be

Communications event. American Bar Association. March 28, 2007.
Washington DC.

Privacy Coalition meeting. March 30, 2007. Washington DC. For
information contact Lillie Coney at: coney@epic.org

Security and Liberty Forum. University of North Carolina. April 14,
2007. Chapel Hill, NC. For more information: www.seclibforum.org

Proof Positive: New Directions for ID Authentication Public Workshop.
Federal Trade Commission. April 23 and 24, 2007. Washington DC. For more
information contact: idmworkshop@ftc.gov

CFP2007: Computers, Freedom, and Privacy Conference. Association for
Computing Machinery. May 2007. Montreal, Canada. For more information:
http://www.cfp2007.org

Conference on Interdisciplinary Studies in Information Privacy and
Security. Rutgers University. May 22, 2007. New Brunswick. For more
information: http://www.scils.rutgers.edu/ci/isips/

Privacy Compliance Conference. The Canadian Institute.  May 30-31, 2007.
Toronto, Canada.  For more information:
http://www.privcom.gc.ca/events/index_e.asp

29th International Conference of Data Protection and Privacy
Commissioners. September 25-28, 2007.  Montreal, Canada. For more
information:
http://www.privacyconference2007.gc.ca/Terra_Incognita_home_E.html

========================================================================
Subscription Information
========================================================================

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy, and efforts to oppose government regulation of encryption
and expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 14.06 -------------------------
