======================================================================== E P I C A l e r t ======================================================================== Volume 14.09 May 3, 2007 ------------------------------------------------------------------------ Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_14.09.html ======================================================================== Table of Contents ======================================================================== [1] More Than 50 Groups, 75 Blogs Join Campaign to Stop REAL ID [2] EPIC Recommends Strong Privacy Safeguards for Breach Investigations [3] Google Shareholder Group Urges Data Retention Policy Disclosure [4] Privacy Board Releases Report, Privacy Act Missing in Action [5] Spotlight: SAVE System Has 11-Year Record of Unreliability [6] News in Brief [7] EPIC Bookstore: "Illusions of Security" [8] Upcoming Conferences and Events ======================================================================== [1] More Than 50 Groups, 75 Blogs Join Campaign to Stop REAL ID ======================================================================== This week, 54 organizations representing transpartisan, nonpartisan, privacy, consumer, civil liberty, civil rights, and immigrant organizations joined to launch a national campaign to solicit public comments to stop the nation's first national ID system: REAL ID. The groups joining in the anti-REAL ID campaign are concerned about the increased threat of counterfeiting and identity theft, lack of security to protect against unauthorized access to the document's machine readable content, increased cost to taxpayers, diverting of state funds intended for homeland security, increased costs for obtaining a license or state issued ID card, and because the REAL ID would create a false belief that it is secure and unforgeable. The campaign is creating buzz on the Web. More than 75 blogs have written about the campaign. Readers are being urged to speak out against the national ID system. This effort builds on the momentum that is signaling broad opposition to the REAL ID in the states. Montana has become the fifth state, following Maine, Idaho, Arkansas, and Washington, to reject implementation of the REAL ID national identification system. Under the Act, states and federal government would share access to a vast national database that could include images of birth certificates, marriage licenses, divorce papers, court ordered separations, medical records, and detailed information on the name, date of birth, race, religion, ethnicity, gender, address, telephone, e-mail address, Social Security Number for more than 240 million with no requirements or controls on how this database might be used. Many may not have the documents required to obtain a REAL ID, or they may face added requirements base on arbitrary and capricious decisions made by DMV employees. EPIC joins this group of 54 organizations in a fight against the national identification system created by the Department of Homeland Security. "Make no mistake, this is a national identification system that will affect your everyday life," said Melissa Ngo, Director of EPIC's Identification and Surveillance Project. "Critics of the REAL ID scheme are called anti-security, but it is not anti-security to reject a national identification system that will harm our national security and make it easier for criminals to pretend to be law-abiding Americans." The draft regulations to implement the REAL ID Act are open for comment until 5 p.m. EST on May 8, 2007. To take action, submit comments against the fundamentally flawed national identification scheme, under Docket No. 2006-0030-0001. Stop REAL ID Campaign site: http://www.privacycoalition.org/stoprealid Department of Homeland Security's Notice of Proposed Rulemaking on REAL ID: http://www.dhs.gov/xprevprot/laws/gc_1172765386179.shtm Sample Text for Comments: http://www.privacycoalition.org/stoprealid/sampletext.html EPIC's page on National ID Cards and REAL ID Act: http://www.epic.org/privacy/id_cards/ ======================================================================== [2] EPIC Recommends Strong Privacy Safeguards for Breach Investigations ======================================================================== In comments to the Federal Trade Commission this week, EPIC urged the FTC to limit the disclosure of personal information related to security breach investigations. EPIC said that the Privacy Act exemption sought by the Commission was far too broad, and the Commission should notify individuals whose personal data may have been improperly disclosed in a security breach before other government agencies are notified. EPIC criticized the FTC proposal to broadly expand a Privacy Act exemption to allow disclosure of affected individuals' personal data to the "vague groups that the FTC finds 'reasonably necessary to assist' the agency in 'in connection with' its response to security breaches, that are 'suspected or confirmed.'" EPIC said that a data breach, or suspected breach, should not entitle even more people to view the personal data of the individuals affected by the security breach. "Such mass disclosure is especially questionable in light of the financial nature of the data involved. Would the entire case file, including Social Security Numbers and credit card information, be released to all the 'agencies, entities, and persons' that the FTC finds 'reasonably necessary to assist' in its investigations?” In response to a security breach, some specific disclosures of certain information to other agencies for a particular purpose might be necessary. However, identity theft is a crime of opportunity, so one protective measure is to reduce opportunities for the compromise of personal information. EPIC recommended that the FTC significantly narrow the exemption by "creat[ing] tiers of access, allowing specific categories of individuals limited access to the data, according to the needs of the investigation." EPIC also responded to the report released by the President's Identity Theft Task Force released its recommendations on April 23. The Task Force is co-chaired by Attorney General Alberto Gonzales and Federal Trade Commission Chairman Deborah Platt Majoras and includes the heads of other executive agencies. The plan recommended a national standard on data security and breach notification, which would preempt state laws that provide greater protection. The Task Force did not address fraud prevention directly; instead, it called for workshops on authentication. EPIC expressed surprise that the Task Force focused more on how to expand law enforcement authority to combat identity theft after the crime has been committed than on creating stronger privacy and security practices to reduce the risk of identity theft being committed. This approach is contrary to the one suggested by EPIC in January 2007 comments to the Task Force. In those comments, EPIC explained, "The best long-term approach to the problem of identity theft is to minimize the collection of personal information and to develop alternative technologies and organizational practices." EPIC also recommended the adoption of privacy enhancing technologies, data minimization, and meaningful remedies when security breaches and privacy violations occur. EPIC's Comments to the Federal Trade Commission (Apr. 30, 2007) (pdf): http://www.epic.org/privacy/idtheft/ftc_comm_043007.pdf President's Identity Theft Task Force Strategic Plan (pdf): http://www.idtheft.gov/reports/StrategicPlan.pdf EPIC's Comments to the Task Force (Jan. 2007) (pdf): http://www.epic.org/privacy/idtheft/EPIC_FTC_ID_Theft_Comments.pdf EPIC's Page on Identity Theft: http://www.epic.org/privacy/idtheft/ ======================================================================== [3] Google Shareholder Group Urges Data Retention Policy Disclosure ======================================================================== Last week, a Google shareholder group submitted a proposal to ban censorship and protect user identity. The proposal was submitted by the Office of Comptroller of New York City, which oversees retirement plans for city employees, teachers, police officers, and firefighters. Combined, these funds hold 486,617 shares of Google stock worth about $228.2 million. The proposal argues that the United Nation's Universal Declaration of Human Rights guarantees the freedom to access information on the Internet. Accordingly, the proposal urged Google to institute the following "minimum standards" to protect freedom of Internet access in human-rights challenged countries: (1) not hosting personally identifiable information in counties that censor Internet access, where political speech can be considered a crime; (2) not engaging in pro-active censorship; (3) using all legal means to resist demands for censorship, and only engage in censorship when legally required; (4) informing users when Google has agreed to a government censorship request; (5) informing users about Google's data retention and data sharing policies; and (6) documenting all instances in which Google complies with a legally binding censorship request, and make such information publicly available. In September 2006, EPIC sent a letter to Department of Commerce Secretary Carlos Gutierrez, urging the Department to restrict the export of high-tech surveillance equipment used for communications surveillance and censorship to China. In its letter, EPIC cited the 2005 U.S. State Department report and the Privacy and Human Rights report, which document the role that surveillance and censorship technology play in political repression. While most of the proposed standards pertain to censorship, the Office of the Comptroller also included a requirement that Google inform its users about its data retention policies. On April 20, 2007, EPIC, the Center for Digital Democracy and the US Public Interest Research Group filed a complaint with the Federal Trade Commission, urging the Commission to open an investigation into Google's data retention policies, specifically in light of its recent proposed acquisition of DoubleClick. The complaint called on the Commission to force Google to comply with internationally recognized privacy guidelines such as the Organization for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, which recognized that "the right of individuals to access and challenge personal data is generally regarded as perhaps the most important privacy protection safeguard." The Google Board of Directors has recommended that shareholders vote against the proposal. Three members of the Board, Google CEO Eric Schmidt and founders Larry Page and Sergey Brin, hold 66.2 percent of Google's shares, and thus the proposal is unlikely to pass at the annual shareholder's meeting on May 10. However, it may force Google to explain how it intends to maintain its "do no evil" motto while simultaneously engaging in complicity in foreign countries' censorship activities and failing to comply with the U.N. Universal Declaration of Human Rights. Proposal by the Office of the Comptroller of New York City: http://www.epic.org/redirect/nycomp0507.html EPIC's September 2006 letter to Dept. of Commerce Secretary Gutierrez (pdf): http://www.epic.org/privacy/intl/doc_china_letter.pdf EPIC's "Filters and Freedom" (collection of essays, studies, and critiques of Internet content filtering, explaining why filtering threatens free expression): http://www.epic.org/bookstore/filters2.0/ EPIC and Privacy International, "Privacy and Human Rights 2005," China Report (pdf): http://www.epic.org/redirect/phr0507.html ======================================================================== [4] Privacy Board Releases Report, Privacy Act Missing in Action ======================================================================== The President's Privacy and Civil Liberties Oversight Board has released its first annual report to Congress. The report lists various activities during the past year, but provides little insight as to the Board's position on such key issues as the President's domestic surveillance program, government watch lists, or the terrorist scoring that the Department of Homeland Security assigns to US citizens. A search for "Privacy Act," the primary federal law that safeguards the rights of Americans, produces 0 hits. The Privacy and Civil Liberties Board, which operates within the Executive Office of the President, is intended to "[advise] the President and other senior executive branch officials to ensure that concerns with respect to privacy and civil liberties are appropriately considered in the implementation of all laws, regulations, and executive branch policies related to efforts to protect the Nation against terrorism." Its five members are appointed by and serving at the pleasure of the President. The Board focused on a few specific issues in its first year. Among these issues is the National Security Agency's controversial domestic surveillance program. After review by the Board, consisting mainly of briefings by the NSA itself, the Board determined that "the Executive Branch's conduct of these surveillance activities protects the privacy and civil liberties of U.S. persons." The Board's assessment is in contrast to Congressional and public criticism of President Bush's secret 2002 order allowing the NSA to conduct warrantless surveillance of international telephone and Internet communications on American soil. The Board also reported its efforts to coordinate a unified redress procedure between the agencies that control the government's vast array of watch lists. These efforts, the report states, have resulted in the submission of a final draft of a Memorandum of Understanding (MOU) for the signature of the heads of the various agencies involved. The MOU has not yet been executed. EPIC and others have repeatedly criticized the inadequate redress procedure, urging the Department of Homeland Security fully apply Privacy Act requirements of notice, access, and correction to the redress program and its underlying system of watch lists. EPIC explained that full application of the Privacy Act requirements to government record systems is the only way to ensure that data is accurate and complete, which is especially important in the context of watch lists, where mistakes and misidentifications are costly. The Board's report provides few details on program operations or what internal controls are in place to protect civil liberties in any of the government programs evaluated. EPIC has published a detailed report recommending changes to the Board. Legislation that aims to remedy some of the issues currently preventing the Board from providing effective oversight has passed in the Senate and the House. Report from the White House Privacy and Civil Liberties Board (pdf): http://www.privacyboard.gov/reports/2007/congress2007.pdf EPIC's Report Recommending Changes to the Board (pdf): http://epic.org/epic/ssrn-id933690.pdf EPIC's Comments to the Department of Homeland Security about Redress Program (pdf): http://www.epic.org/privacy/airtravel/profiling/trip_022007.pdf EPIC Resources on Domestic Surveillance: http://www.epic.org/features/surveillance.html EPIC's Spotlight on Surveillance: Legality of NSA's Secret Eavesdropping Program Is Suspect and Cost is Unknown (Jan. 2006): http://www.epic.org/privacy/surveillance/spotlight/0106/ ======================================================================== [5] Spotlight: SAVE System Has 11-Year Record of Unreliability ======================================================================== This month, EPIC's Spotlight on Surveillance program scrutinizes the Department of Homeland Security's Systematic Alien Verification for Entitlements ("SAVE") program. For Fiscal Year 2008, DHS seeks $21.6 million for the program run by Citizenship and Immigration Services. In its 11-year history, the verification system has been plagued with accuracy, reliability and management problems. SAVE was created in response to the Immigration Reform and Control Act of 1986, which required the creation of a system for verifying the eligibility status of non-citizen applicants for federal benefits programs. SAVE also is being used to verify employment eligibility status in a pilot program called Basic Pilot. SAVE and Basic Pilot are supported by the Verification Information System technical infrastructure, "a nationally accessible database of selected immigration status information containing in excess of 100 million records." SAVE is used by more than 150,000 federal, state and local agency personnel, according to Citizenship and Immigration Services. Of the United States' 8 million employers, about 11,200 use Basic Pilot. In its 11-year history, SAVE has been plagued with problems. A 1995 review of the system by the Inspector General of the Department of Health and Human Services found several problems and admitted that she could not determine the cost-effectiveness of the program. Among other things, the Inspector General said that there were deficiencies the design and operation of the SAVE system. "SAVE data is not always provided in a timely manner; the SAVE data base is not current; INS immigration status responses are not always clear; and SAVE is prone to manual keying errors," said the Inspector General. In a 1997 report and a 2002 follow-up review, the Inspector General of the Department of Justice found that data from the Immigration and Naturalization Service was unreliable and "flawed in content and accuracy." In a report last year from the National Governors Association, the National Conference of State Legislatures and the American Association of Motor Vehicle Administrators, the groups assessed the SAVE system, which is currently used by 21 states. The groups found SAVE still has accuracy problems. "[I]nsufficient information is available for states to reliably identify and validate an individual's 'pending' immigration status. States also report real-time verification is not attainable approximately one-quarter of the time, which necessitates a time-consuming process to meet this requirement," according to the report. Though the SAVE verifications should take up to 20 working days at the most, it has taken two months for some verifications. Under the Department of Homeland Security's draft regulations for the national identification scheme created under the REAL ID Act, SAVE is one of the four systems that States are required to use to verify applicant information. The REAL ID system is supposed to be implemented by May 2008, however SAVE is full of problems and it is unlikely that it will be ready by then. The public is encouraged to submit comments on the draft regulations, which are due by 5 p.m. EST on May 8, 2007. DHS, Systematic Alien Verification for Entitlements (SAVE) Program: http://www.epic.org/redirect/save0507.html EPIC, Spotlight on Surveillance: SAVE System Can't Save Itself From 11-Year History of Inaccuracy, Unreliability (Apr. 2007): http://www.epic.org/privacy/surveillance/spotlight/0407/ Department of Homeland Security's Notice of Proposed Rulemaking on REAL ID: http://www.dhs.gov/xprevprot/laws/gc_1172765386179.shtm Stop REAL ID Campaign site: http://www.privacycoalition.org/stoprealid ======================================================================== [6] News in Brief ======================================================================== EPIC Urges Court Review of Surveillance Program EPIC, in cooperation with the Stanford Constitutional Law Center, filed a "friend-of-the-court" brief in "Hepting v. AT&T." This lawsuit alleges that AT&T allowed the government to wiretap calls and e-mails without judicial authority. The U.S. government and AT&T seek to dismiss this case. The EPIC brief states, "The statutes and constitutional provisions relied upon in the complaint are designed to interpose the courts between citizens and the government when government conducts surveillance that it naturally would prefer to conduct in secret and wholly at its own discretion . . . . This litigation should thus proceed, lest the privacy claims here be made effectively unreviewable." "Friend-of-the-Court" Brief (pdf): http://www.epic.org/privacy/terrorism/fisa/hepting_ab0507.pdf EPIC Page on "Hepting v. AT&T": http://www.epic.org/privacy/hepting/ Colorado Court Limits Release of Phone Records in Harassment Case A Colorado judge overturned an order that would have forced a victim of harassment to release her telephone records to her harasser. The order was part of a discovery request in a divorce case, and entailed releasing complete telephone records for five years, even though the marriage only lasted four years. EPIC filed an amicus brief in the case supporting the protection of the phone records. EPIC's brief identified the growing public policy that protects the privacy of telephone records, including the Federal Communications Commission's recent order improving the protection of calling records. EPIC also highlighted privacy advances in the Violence Against Women Act of 2005, which added "placing under surveillance" to the definition of stalking. Lastly, EPIC urged the court to consider such privacy interests as security and use limitation. EPIC's Amicus Brief (pdf): http://www.epic.org/privacy/dom_violence/cellrecord_amicus.pdf EPIC's Page on Telephone Record Privacy: http://www.epic.org/privacy/iei/ UPI/Zogby Poll: Americans Value Privacy Rights A majority of Americans, 53.4 percent, polled by United Press International and Zogby International said they did not agree that "the government could suspend privacy laws to enable the sharing of counter-terror information that could include private data on U.S. citizens." More than one-third, 35 percent, strongly disagreed with that statement. The April 13-16 survey included 5,932 U.S. residents and had a margin of error of 1.3 percentage points. The poll comes as senior Bush administration officials told Congress that they believed the president had the authority to decide whether to conduct surveillance without warrants, despite the Foreign Intelligence Surveillance Act. The 1978 law requires court-approved warrants for the wiretapping of American citizens and others inside the United States. President Bush has been repeatedly criticized for a secret 2002 order allowing the NSA to conduct warrantless surveillance of international telephone and Internet communications on American soil. UPI/Zogby Poll (Apr. 13-16, 2007): http://www.epic.org/redirect/poll0507.html EPIC Resources on Domestic Surveillance: http://www.epic.org/features/surveillance.html Pentagon Ends Controversial Data-Gathering Program. The Pentagon will end its Threat and Local Observation Notices (TALON) Program, said Undersecretary of Defense for Intelligence, James R. Clapper Jr. The program collects unvalidated reports of activities that are alleged to be threats to the Defense Department. However, Clapper also said that the department would continue "to document and assess potential threats to Defense Department resources." The program was heavily criticized, and the Pentagon had to apologize, after documents revealed that TALON collected data on peaceful anti-war and anti-nuclear meetings and protests. The documents were obtained under the Freedom of Information Act by the Servicemembers Legal Defense Network and the ACLU. The department admitted that it had maintained the information after it was determined that there was no threat from the protests and past the 90 days its guidelines provided for. The department also monitored student speech and e-mails at several universities across the country, tracking students involved in protesting military policies. Servicemembers Legal Defense Network Documents Revealing Student Monitoring (pdf): http://www.sldn.org/binary-data/SLDN_ARTICLES/pdf_file/3028.pdf FOIA Documents about the Database Obtained by the ACLU: http://www.aclu.org/safefree/spyfiles/27050prs20061012.html National Institute of Standards and Technology Releases RFID Guidelines The National Institute of Standards and Technology (NIST) issued its Guidelines for Securing Radio Frequency Identification (RFID) Systems last week. NIST urged retailers, federal agencies, and other organizations to evaluate the potential security and privacy risks of RFID technology and use best practices to reduce them. "Personal privacy rights or expectations may be compromised if an RFID system uses what is considered personally identifiable information for a purpose other than originally intended or understood," NIST said. "As people possess more tagged items and networked RFID readers become ever more prevalent, organizations may have the ability to combine and correlate data across applications to infer personal identity and location and build personal profiles in ways that increase the privacy risk." NIST detailed how to address, in the context of an RFID system, the basic principles of the Organization for Economic Co-operation and Development's Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. EPIC has repeatedly warned that RFID technology increases the risk of clandestine tracking and unauthorized access to data. NIST Guidelines for Security of RFID Systems (pdf): http://www.epic.org/redirect/nist0507.html EPIC's Page on RFID: http://www.epic.org/privacy/rfid/ Banks Sue TJX Over Security Breach Affecting 46 Million Cards Bank associations in Connecticut, Massachusetts and Maine, representing nearly 300 banks, have filed a class action lawsuit in Boston against TJX Companies over the data security breach in which more than 45 million credit and debit card numbers were stolen by hackers. The computer system breaches began in July 2005 but weren't discovered until December 2006. The suit seeks to recover damages in the "tens of millions of dollars," the cost, the banks say, to replace cards and cover fraudulent charges from the security breach. The banks allege that TJX failed to adequately protect sensitive data and misrepresented how it handled data, which they say constitutes an unfair trade practice under Massachusetts law. The TJX breach is just the latest in numerous data and security scandals. More than 153 million data records of U.S. residents have been exposed due to security breaches since January 2005, according to a report from the Privacy Rights Clearinghouse. Bank Associations' Press Release About Suit (pdf): https://www.massbankers.org/pdfs/DataBreachSuitNR5.pdf Privacy Rights Clearinghouse, Chronology of Data Breaches: http://www.privacyrights.org/ar/ChronDataBreaches.htm EPIC's Page on Identity Theft: http://www.epic.org/privacy/idtheft/ ======================================================================== [7] EPIC Bookstore: "Illusions of Security" ======================================================================== "Illusions of Security: Global Surveillance and Democracy in the Post-9/11 World," by Maureen Webb (City Lights Books, 2007). http://www.powells.com/partner/24075/biblio/9780872864764 "Illusions of Security" provides a comprehensive, detailed, and disturbing review of a decade of mass surveillance activities, with particular focus on the worldwide shift in investigative techniques in the post-9/11 world. The real-life impacts of these programs come into sharp focus in Webb's many examples of personal experiences, including the story of Maher Arar, the Canadian who, based on Canadian and American intelligence misinformation, was detained in the U.S. and sent to Syria, where he was interrogated and tortured. From this "cautionary tale of our times," Webb proceeds to outline the various mass surveillance systems and proposals that have recently come into existence in the US and around the globe. The programs, ranging from new passport requirements, RFID technology, and biometrics, to the tracking of financial information, air travel information, and communications monitoring all demonstrate a shift in law enforcement towards "preemption of risk" that given large enough amounts of data, patterns of culpability can be discovered from innocuous details. A preemption model of security reverses the presumption of innocence and wrongly assumes that criminal and terrorist activity could be curtailed by increased access to infinite quantities of information. The preemption model has allowed governments to manipulate, in the name of preventative policing, legislative constraints on government surveillance, and has been used to justify such extreme measures as extraordinary rendition, outsourcing of interrogation and torture in the race to gather information. Ironically, Webb's analysis succeeds where the very programs she is describing fails: her ability to gather dispersed and incomplete clues on the scope and extent of various surveillance initiatives unveils patterns of disproportionate erosion of civil liberties in exchange for few law enforcement benefits. As the author states, "Sifting through an ocean of flawed information with a net of bias and faulty logic, the initiatives described in this book yield a tidal wave of false leads and useless information." The consequences of such false leads, says Webb, is far more serious than inefficiencies in intelligence operations. Trawling vast quantities of largely irrelevant data wrongly diverts resources from more effective investigative techniques, exacerbates global insecurity, and threatens our liberty and democracy. -- Allison Knight ================================ EPIC Publications: "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2005: An International Survey of Privacy Laws and Developments" (EPIC 2006). Price: $60. http://www.epic.org/bookstore/phr2005/phr2005.html This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 70 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2005 is the most comprehensive report on privacy and data protection ever published. ================================ "FOIA 2004: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price: $40. http://www.epic.org/bookstore/foia2004 This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 22nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https://mailman.epic.org/cgi-bin/control/foia_notes ======================================================================== [8] Upcoming Conferences and Events ======================================================================== Symposium on Internet Governance and Security: Exploring Global and National Solutions. Swiss Embassy. May 17, 2007. Washington, DC. For more information: http://internetgovernance.org/events.html Conference on Interdisciplinary Studies in Information Privacy and Security. Rutgers University. May 22, 2007. New Brunswick. For more information: http://www.scils.rutgers.edu/ci/isips/ Privacy Compliance Conference. The Canadian Institute. May 30-31, 2007. Toronto, Canada. For more information: http://www.privcom.gc.ca/events/index_e.asp 2007 ALA Annual Conference. Washington Convention Center. June 23-26, 2007. Washington, DC. For more information: http://www.ala.org/ala/eventsandconferencesb/annual/2007a/home.htm Civil Society Privacy Conference: Privacy Rights in a World Under Surveillance. September 25, 2007. Montreal, Canada. For more information: http://www.thepublicvoice.org/events/montreal07/default.html 29th International Conference of Data Protection and Privacy Commissioners. September 25-28, 2007. Montreal, Canada. For more information: http://www.privacyconference2007.gc.ca/Terra_Incognita_home_E.html Future of the Internet Economy - OECD Ministerial Meeting. June 14-18, 2008. Seoul, Korea. For more information: http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667 _1_1_1_37441,00.html ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================== Privacy Policy ======================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================== About EPIC ======================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ------------------------- END EPIC Alert 14.09 ------------------------- .