EPIC logo

  
========================================================================
                            E P I C  A l e r t
========================================================================
Volume 14.11                                               May 31, 2007
------------------------------------------------------------------------

                             Published by the
                Electronic Privacy Information Center (EPIC)
                             Washington, D.C.

              http://www.epic.org/alert/EPIC_Alert_14.11.html


========================================================================
Table of Contents
========================================================================
[1] Filing Reveals Google Subject to "Second Request"
[2] European Privacy Agency Opens Investigation Into Google
[3] Congress to Hold Hearing on Employment Verification System
[4] EPIC Urges Release of NSA Surveillance Program Documents
[5] Last Public Meeting on Draft 2007 E-Voting Standards
[6] News in Brief
[7] EPIC Bookstore: "Understanding Surveillance Technologies"
[8] Upcoming Conferences and Events

========================================================================
[1] Filing Reveals Google Subject to "Second Request"
========================================================================

A recent filing with the Security and Exchange Commission indicates that
the Federal Trade Commission has "issued a request for additional
information and documentary materials regarding the proposed
acquisition" of DoubleClick. Last week, the Federal Trade Commission
opened a preliminary antitrust investigation into Google's planned $3.1
billion acquisition of the online advertising company.

It was decided last week that the FTC, and not the Department of
Justice, would conduct the investigation; the two agencies share the
duty of antitrust enforcement, though the FTC has extensive expertise in
consumer privacy matters. The FTC's "second request" for information
suggests that the proposed acquisition raises more serious antitrust
issues. According to FTC Chair Majoras's statement on the merger review
process, "the majority of investigations in which the FTC issued a
second request resulted in a merger challenge, consent order, or
modification to the transaction, suggesting that the FTC generally
issues second requests only when there is a strong possibility that some
aspect of the investigation would violate the antitrust laws."

Last month, EPIC, the Center for Digital Democracy and the United States
Public Interest Research Group, filed a request for the FTC to
investigate the privacy implications of the proposed merger. In the
complaint, the groups noted that Google collects the search histories of
its users, while DoubleClick tracks what Web sites people visit. The
groups urged the FTC to assess the ability of Google to record, analyze,
track, and profile the activities of Internet users with data that is
both personally identifiable and data that is not personally
identifiable. The groups recommended that the merger not be approved
unless adequate privacy safeguards are established.

In an antitrust investigation, regulators must define the relevant
market, and weigh the likely impact on competition. Privacy issues are
relevant to the Google/DoubleClick antitrust investigation because of
the unique circumstance presented in the world of online advertising:
the success of targeted marketing and the use of individuals' personal
data are inextricably linked.

Securities Exchange Commission filing:

     http://www.epic.org/redirect/sec0507.html

FTC Merger Reform Announcement (Feb. 2006) (pdf):

     http://www.ftc.gov/os/2006/02/mergerreviewprocess.pdf

EPIC's Complaint to the FTC (pdf):

     http://www.epic.org/privacy/ftc/google/epic_complaint.pdf

EPIC's FTC Google Complaint page:

     http://www.epic.org/privacy/ftc/google/

Letter from the NY State Consumer Protection Board (pdf):

     http://www.epic.org/privacy/ftc/google/CPB.pdf

========================================================================
[2] European Privacy Agency Opens Investigation Into Google
========================================================================

The European Union's Article 29 Data Protection Working Party has
launched an investigation into Google's privacy practices. In a letter
to Google, chair of the Article 29 Working Party, Peter Schaar asked
whether the company has "fulfilled all the necessary requirements" to
abide by EU privacy rules.

Mr. Schaar explained, “As you are aware, server logs are information
that can be linked to an identified or identifiable natural person and
can, therefore, be considered personal data in the meaning of Data
Protection Directive 95/46/EC. For that reason, their collection and
storage must respect data protection rules.” EU Directive 95/46/EC
states that individuals' personal information can only be collected for
"specified, explicit and legitimate purposes." Information that is
collected can only be kept in identifiable form for as long as is
"necessary for the purposes for which the data were collected or for
which they are further processed."

Earlier this year, Google announced that it was changing its privacy
policy, and would maintain user-specific information from Web searches
for a period of 18 to 24 months. Google previously stored this
information for as long as it was useful. After the 18- to 24-month
period, the company claims that it will obscure the data, making it more
difficult to identify individuals. This change “does not seem to meet
the requirements of the European legal data protection framework,” Mr.
Schaar wrote. The Working Party requested a detailed explanation from
Google as to 1) “why this long storage period was chosen” for the server
logs, 2) “the purposes for which server logs need to be kept,” and 3)
“Google's legal justification for the storage of server logs in
general.” Also, the Working Group questioned whether the 30-year
lifetime of the “Google cookie,” which tracks users, “goes beyond what
seems to be 'strictly necessary' for the provision of the service.”

Mr. Schaar pointed to the “Resolution on Privacy Protection and Search
Engines,” which urged data minimization and addressed several issues
with regard to server logs and the detailed profiling of users. “The
Article 29 Working Party fully supports this Resolution and would
appreciate the detailed views of Google on the steps which it has taken
to fully implement its recommendations.” The Working Party will discuss
the investigation into Google's privacy practices at its meeting in June
and requested that the company respond before then.

In 2001, a coalition of consumer organizations in Europe and North
America wrote to policymakers regarding the privacy implication of the
America Online and Time Warner merger. The groups urged officials to "
condition approval of the proposed merger on the adoption of enforceable
Fair Information Practices that would guarantee consumer privacy
safeguards at least equal to those that would be provided under the EU
Data Directive." The groups also recommended that EU and US officials
"consider the impact of mergers on privacy, as one factor in the review
to determine if a merger is in the public interest" and establish "legal
mechanisms to address privacy concerns of mergers, such as mechanisms to
place conditions on mergers that would protect consumer privacy."

Article 29 Data Protection Working Party page:

     http://www.epic.org/redirect/a29party.html

Statement of TransAtlantic Consumer Dialogue Regarding Merger of America
Online and Time Warner and Privacy Protection (Feb. 2000) (pdf):

     http://www.tacd.org/db_files/files/files-93-filetag.pdf

========================================================================
[3] Congress to Hold Hearing on Employment Verification System
========================================================================

On June 7, the Subcommittee on Social Security of the Committee on Ways
and Means will hold a hearing on current and proposed employment
eligibility verification systems and the role of the Social Security
Administration in authenticating employment eligibility. Subcommittee
Chairman Michael R. McNulty (D-NY) said, "“If employment eligibility
verification is to be a key enforcement tool for immigration policy, we
must ensure the system is effective, efficient and feasible. We need a
better understanding of the possible consequences and impact on the
Social Security Administration if they are to undertake this expanded
responsibility without compromising their core mission of administering
Social Security.”

EPIC's current "Spotlight on Surveillance" scrutinizes the national
employment verification system now under consideration in Congress. The
national database is proposed to prevent undocumented immigrants from
obtaining employment in the United States, but it could instead prevent
millions of Americans from obtaining lawful employment. The federal
program will also be expensive. The Government Accountability Office has
estimated that a nationwide expansion of the Basic Pilot program would
cost $11.7 billion.

Basic Pilot, a joint project of Customs and Immigration Services and the
Social Security Administration, is a voluntary employment eligibility
verification system created in 1997. In the Basic Pilot program, an
employer voluntarily fills out an online form with the new employee's
name, date of birth and Social Security Number within three days of the
employee's hire date. This information is checked against Social
Security Administration databases to verify identity and, if the
employee is a non-citizen, her data is then checked against the
Department of Homeland Security databases to verify employment
eligibility.

Congress is considering two bills that would create a nationwide,
mandatory employment eligibility verification system. An examination of
the two bills finds that the proposed changes would make the
already-flawed identification systems worse for both U.S. citizens and
documented immigrants. As of December, Basic Pilot consisted of 12,000
employers, about 0.2 percent of the seven million employers nationwide.
In Fiscal Year 2005, less than one million verifications were run
through Basic Pilot. Under H.R. 1645 and S. AMDT 1150, all of the
nation's seven million employers would be mandated to use another
version Basic Pilot system, creating a national employment eligibility
verification system ("EEVS") of 143.6 million authorized workers.

Several government analyses of Basic Pilot have detailed significant
flaws in the system and have recommended against expanding the
employment verification system nationwide.  EEVS would use the same
databases to check the employment eligibility of workers, though the
Government Accountability Office and the Social Security
Administration's Inspector General have found the databases used in
Basic Pilot are filled with inaccurate data, which can lead to
authorized workers being deemed ineligible for employment. The Inspector
General estimated that the Social Security Administration's Numerical
Identification File ("NUMIDENT") had about 17.8 million records with
discrepancies with name, date of birth or death, or citizenship status;
about 13 million of these inaccurate records belong to U.S. citizens.
Sometimes the errors are corrected and the employee is not adversely
affected, but government analyses of Basic Pilot have shown that
employees can be negatively affected. If an initial check under Basic
Pilot returns a "further action" notice, then employers have reduced the
pay or responsibilities of workers or even terminated employment, even
though such action is illegal. Employers may only terminate employment
if there is a final determination of a worker's employment
ineligibility. Government analyses have found that workers are sometimes
not told of the "further action" notice, so they do not know why they
have been adversely affected and the employees cannot take steps to
correct the records.

Both H.R. 1645 and S.AMDT. 1150 expand data sharing and collection,
consolidating the power to access and control this information in the
Department of Homeland Security. New exemptions are created, requiring
the Social Security Administration, Internal Revenue Service, and
Department of State to disclose confidential and sensitive personal data
to the Department of Homeland Security. This data includes employee
data, birth and death records, driver's license and state identification
files, visa and passport records and taxpayer information. EEVS also
presumes that workers will use biometric Social Security cards and REAL
ID cards - neither of which exist. 

EPIC Executive Director Marc Rotenberg is expected to testify at the
hearing next week.

EPIC Spotlight on Surveillance on EEVS:

    http://www.epic.org/privacy/surveillance/spotlight/0507

Committee Press Release on June 7 Hearing: 

     http://waysandmeans.house.gov/hearings.asp?formmode=view&id=6090

Submit Public Comment for the June 7 Hearing: 

     http://waysandmeans.house.gov/submissions.aspx

Office of Inspector General, Social Security Administration:
Congressional Response Report: Accuracy of the Social Security
Administration's Numident File, A-08-06-26100 (Dec. 18, 2006) (pdf):

    http://www.ssa.gov/oig/ADOBEPDF/A-08-06-26100.pdf

H.R. 1645 (pdf):

    http://www.epic.org/privacy/surveillance/spotlight/0507/hr1645.pdf

S.AMDT. 1150 (pdf):

    http://www.epic.org/privacy/surveillance/spotlight/0507/samdt1150.pdf

Previous EPIC Congressional Testimony About Social Security:

    http://www.epic.org/privacy/ssn/mar_16test.pdf

========================================================================
[4] EPIC Urges Release of NSA Surveillance Program Documents
========================================================================

EPIC, the American Civil Liberties Union, and the National Security
Archive filed a supplemental memorandum that urged a federal district
court to require the Justice Department to disclose documents about the
NSA Domestic Surveillance program. The motion follows the testimony of
former Deputy Attorney General James Comey before the Senate Judiciary
Committee that indicated that top officials at the Department of Justice
believed that the program was illegal. EPIC first sought documents
regarding the legal basis for the program just hours after the
warrantless surveillance program was first reported in the New York
Times in December 2005.

The New York Times reported that President George W. Bush had issued an
order in 2002 allowing the National Security Agency unprecedented
authority to conduct domestic surveillance. The government's authority
to conduct surveillance is found in two statutes: Title III, also called
the "Wiretap Statute," outlines the strict guidelines regulating
ordinary domestic law enforcement surveillance, and the Foreign
Intelligence Surveillance Act (FISA) establishes a separate legal regime
for foreign intelligence surveillance information in furtherance of U.S.
counterintelligence. Congress specifically stated that FISA and Title
III "shall be the exclusive means by which electronic surveillance ...
and the interception of domestic wire, oral, and electronic
communications may be conducted."

In a letter sent to Attorney General Alberto Gonzales, Senators Patrick
Leahy and Arlen Specter are seeking the legal justifications for the
President's warrantless domestic spying program. Senate Judiciary
Committee Chairman Leahy and Ranking Member Specter wrote that the
Attorney General has "rebuffed all requests for documents and your
answers to our questions have been wholly inadequate and, at times,
misleading." The senators said that the testimony of former Deputy
Attorney General James Comey, which indicated that the White House went
forward with the warrantless spying even though top officials at the
Department of Justice believed the program was illegal, "raises very
serious questions about your personal behavior and commitment to the
rule of law."

In addition to questions about the legality of the NSA program and the
consequences of a possible determination that public officials violated
the FISA, EPIC has also urged Congress to consider the importance of
establishing reporting requirements for the NSA that are comparable to
other federal agencies that conduct surveillance in the United States.

Letter from Sen. Patrick Leahy and Sen. Arlen Specter to Attorney
General Alberto Gonzales:

      http://leahy.senate.gov/press/200705/052207a.html

EPIC's Spotlight on Surveillance "Legality of NSA's Secret Eavesdropping
Program Is Suspect and Cost is Unknown":

      http://www.epic.org/privacy/surveillance/spotlight/0106/

EPIC's page on FISA:

      http://www.epic.org/privacy/terrorism/fisa/

EPIC's page on EPIC v. DOJ:

      http://epic.org/privacy/nsa/foia/

========================================================================
[5] Last Public Meeting on Draft 2007 E-Voting Standards
========================================================================

The Technical Guidelines Development Committee, the standards
development committee of the federal government's Election Assistance
Commission, met last week to review and approve their revised draft of
recommendations on future voluntary voting system guidelines.  This was
the ninth meeting of the Committee, which is working with the assistance
of the National Institute of Standards and Technology to develop voting
guidelines for 2007.

The Election Assistance Commission was established by the Help America
Vote Act of 2002, and provides guidance to states on the conduct of
federal elections and the adoption of new voting systems.  The standards
adopted by the Commission are mandatory for those states that take
federal funding for the replacement of their voting systems.  The Help
America Vote Act establishes the standards development process that
governs the adoption of new voting systems intended for use in federal
public elections. This process begins with recommendations from the
Technical Guidelines Development Committee being sent to the Election
Assistance Commission.  The recommendations approved last week will be
submitted by early July to the Election Assistance Commission, who will
then publish the document in the Federal Register and open a public
comment period.

This will mark the second standards document completed in the Help
America Vote Act process in two years.  The first federal Voluntary
Voting System Guidelines document was completed and published in the
Federal Register in April 2005.  Prior to the Act's process
requirements, there were two voting standards documents (one in 1990 and
the other in 2002) produced by the National Association of State
Election Directors.

In other voting news, Senator Feinstein, the new chair of the Senate
Rules Committee, has introduced a bill (S.1487) to help ensure the
accuracy of vote counts in federal elections and institute reforms in
the administration of elections.  The legislation is intended to be the
Senate companion bill to House Resolution 811. The key provision in both
bills is the establishment of a voter verified paper record by 2010 for
all direct recording electronic voting systems.  Senator Feinstein's
version of the legislation would ban the purchase of any new direct
recording electronic voting systems that do not provide an accessible,
durable permanent voter-verified paper ballot; and prohibit election
officials from serving in an official capacity with federal political
campaigns.

S.1487: A bill to amend the Help America Vote Act of 2002 to require an
individual, durable, voter-verified paper record under title III of such
Act, and for other purposes:

      http://thomas.loc.gov/cgi-bin/bdquery/z?d110:s.01487:

House Resolution 811 (pdf):

      http://votingintegrity.org/pdf/hr811-rpt.pdf

National Association of State Election Directors:

      http://www.nased.org/

Help America Vote Act Law:

      http://www.fec.gov/hava/law_ext.txt

Technical Guidelines Development Committee page:

      http://vote.nist.gov/TGDC.htm

Election Assistance Commission page:

      http://www.eac.gov

EPIC's page on voting:

      http://www.epic.org/privacy/voting/

National Committee for Voting Integrity:

      http://www.votingintegrity.org/

========================================================================
[6] News in Brief
========================================================================

Social Security Agency Revisions to Privacy and Disclosure Rules

The Social Security Administration (SSA) has revised its privacy and
disclosure rules for the first time since 1980.  The revisions, which
came into effect on May 29, 2007, describe the existing responsibilities
and functions of the Privacy Officer, establish a new senior agency
official for privacy as required by the Office of Management and Budget,
and explain the SSA's new Privacy Impact Assessment process in
accordance with the E-Government Act of 2002. Further, the revisions
state that the SSA cannot process electronic requests via the Internet
if the requester's identity cannot be confirmed. Another revision gives
individuals more direct access to their medical records.

Federal Register - Social Security Administration Proposed Rules (Sept.
13, 2006):

      http://www.access.gpo.gov/su_docs/fedreg/a060913c.html

EPIC's page on Social Security Numbers

      http://www.epic.org/privacy/ssn/


GAO Report: FBI Needs to Address Weaknesses in Critical Network

A recent Government Accountability Office report found weaknesses in the
FBI's information security controls for one of its critical networks.
The FBI did not consistently prevent unauthorized insider access and
ensure system integrity; identify and authenticate users to prevent
unauthorized access; apply strong encryption techniques to protect
sensitive data on its networks; log, audit, or monitor security-related
events; protect the physical security of its network; or patch key
servers and workstations in a timely manner. The GAO concluded, "these
weaknesses place sensitive information transmitted on the network at
risk of unauthorized disclosure or modification, and could result in a
disruption of service, increasing the bureau's vulnerability to insider
threats."

Although the FBI has an agency-wide information security program, it has
not been fully implemented. Outdated risk assessment, incomplete
security plans, incomplete specialized security training, insufficient
testing, untimely remediation of weaknesses, and inadequate service
continuity planning all contribute to weaknesses in the critical network
system. The GAO made several recommendations in a separate, classified
report, to correct specific weaknesses in the security of the FBI's
networks.

GAO Report: Information Security (pdf):

      http://www.gao.gov/new.items/d07368.pdf


GAO Report: Privacy Office - Progress Made but Challenges Remain

The US Government Accountability Office (GAO) issued a report on the
Department of Homeland Security's Privacy Office this week. The GAO
found that the DHS Privacy Office has made significant progress by
establishing a compliance framework for conducting Privacy Impact
Assessments, which are required by the E-Government Act of 2002. The GAO
also commended the DHS Privacy Office for integrating privacy
considerations into the DHS decision-making process, by establishing an
advisory committee, holding public workshops, and participating in
policy development. However, the GAO found that limited progress has
been made in updating public notices required by the Privacy Act for
systems of records that were in existence prior to the creation of DHS.
The report recommends appointing privacy officers in key DHS components,
implementing a process for reviewing Privacy Act notices, and
establishing a schedule for timely issuance of Privacy Office reports.

GAO Report: DHS Privacy Office (pdf):

      http://www.gao.gov/new.items/d07522.pdf

EPIC's Report Recommending on Sui Generis Privacy Agencies (pdf):

      http://epic.org/epic/ssrn-id933690.pdf


Facebook Allows Third Party Access to Social Networking Database

Social Networking service Facebook.com introduced a new feature last
week that allows third party websites to access user data. Using an
Application Programming Interface, third party websites can offer
services to Facebook users based on personal information in the Facebook
database. Facebook users can configure their privacy settings to stop
their information from leaving Facebook, but Facebook has configured the
Application Programming Interface so that users are opted-in by default.

EPIC Page on Social Networking and Privacy:

      http://www.epic.org/privacy/socialnet/

"Facebook API Unilaterally Opts Users Into New Services":

      http://blog.wired.com/27bstroke6/2007/05/facebook_api_un.html


CRS Reports on Intelligence, Passenger Screening

Two new Congressional Research Service reports are available. "Detection
of Explosives on Airline Passengers" discusses the recommendations of
the 9/11 Commission and the current state of explosive screening. Policy
issues covered include cost, certification and feasibility, erroneous
detection, potential for intentional disruption and research and
development. Another report summarizes ongoing Congressional concerns in
Intelligence, entitled "Intelligence Issues for Congress." The report
lists relevant legislation in the 110th and 109th Congresses, and
identifies current issues before the 110th, such as the terrorist
surveillance program and allegations of prisoner abuse and the CIA.

Detection of Explosives on Airline Passengers (pdf):

      http://www.fas.org/sgp/crs/homesec/RS21920.pdf

Intelligence Issues for Congress (pdf):

      http://www.fas.org/sgp/crs/intel/RL33539.pdf

EPIC's 9/11 Commission page:

      http://www.epic.org/privacy/terrorism/911comm.html

EPIC's Air Travel Privacy page:

      http://www.epic.org/privacy/airtravel/


========================================================================
[7] EPIC Bookstore: "Understanding Surveillance Technologies"
========================================================================

Understanding Surveillance Technologies: Spy Devices, Privacy, History &
Applications, Second Edition by J. K. Petersen (Auerbach Publications,
2007)

      http://www.powells.com/partner/24075/biblio/9780849383199

Petersen provides a comprehensive overview of surveillance and
information gathering devices, broken down into four  major sections:
acoustic, electromagnetic, chemical & biological, and miscellaneous
surveillance.  Each section then is further broken down into particular
chapters: "acoustic," for example includes aural listening devices as
well as sonar technology. "Electromagnetic" includes not just radio, but
also radar, infrared, ultra-violet, and, of course, visual. The range of
devices and technologies covered is daunting -- the book covers over
1000 pages.

The first chapter is an introduction to and an overview of surveillance
technologies. From then on the chapters are modular - applying the same
structure to the topic discussed.  A chapter on a technology will
include an introduction to science in the area; the kinds of
surveillance that are done, the context it is used in, the origins and
evolution, descriptions and functions; applications; problems and
limitations; restrictions and regulations; privacy implications of use;
and list of resources.

The traditional fields of surveillance are thoroughly covered.  The
audio surveillance chapter takes up 100 pages and is also supplemented
by the 50 page radio surveillance chapter of the electromagnetic
section.  The history of wiretap technologies and law is covered. The
legal developments have a United  States centric angle. The implications
discuss past abuses as well as the increasing presence of wiretaps.

For a non-traditional example, the chapter on animal surveillance covers
the use of animals as detectors, as research subjects, as assistants --
like seeing eye dogs, and as treatment indicators -- profiling
individuals by their treatment of animals.  The limitations section
addresses the specific issues that animals face, such as narcotics
sniffing false positives, and the difficulty of relocation and
maintenance. The implications address the individual temperament of the
animals and arguments concerning animal rights. Further resources are
pointed to in the form of organizations working for animal rights, for
law enforcement animals, assistance animals.

The book serves best as a professional or student reference. It should
be consulted before one begins a new venture analyzing an area of
surveillance. It quickly allows the reader to gain a basic knowledge in
the scientific workings of a technology, its history, legal regime, main
privacy implications and resources.

-- Guilherme Roschke


================================


EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2005: An International Survey of Privacy Laws
and Developments" (EPIC 2006). Price: $60.
http://www.epic.org/bookstore/phr2005/phr2005.html

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
70 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2005 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40.
http://www.epic.org/bookstore/foia2004

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 22nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/features/epic/epic.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

2007 ALA Annual Conference. Washington Convention Center. June 23-26,
2007. Washington, DC. For more information:
http://www.ala.org/ala/eventsandconferencesb/annual/2007a/home.htm

National Institute on Computing and the Law: From Steps to Strides into
the New Age. June 25-26, 2007. San Francisco, CA.  For more information:
http://www.abanet.org/cle/programs/n07ctl1.html

Federal Trade Commission: Spam Summit - The Next Generation of Threats
and Solutions. July 11-12, 2007. Washington DC. For more information:
http://www.ftc.gov/bcp/workshops/spamsummit/index.shtml

Civil Society Privacy Conference: Privacy Rights in a World Under
Surveillance. September 25, 2007. Montreal, Canada. For more
information:
http://www.thepublicvoice.org/events/montreal07/default.html

29th International Conference of Data Protection and Privacy
Commissioners. September 25-28, 2007.  Montreal, Canada. For more
information:
http://www.privacyconference2007.gc.ca/Terra_Incognita_home_E.html

OECD and Industry Canada: Shaping Policies for Creativity, Confidence
and Convergence in the Digital World. October 3, 2007. Ottawa, Canada.
For more information:
http://www.oecd.org/futureinternet/participativeweb

University of Ottawa Faculty of Law: The Revealed "I". October 25-27,
2007. Ottawa, Canada. For more information:
http://www.idtrail.org/content/section/11/95/

Future of the Internet Economy - OECD Ministerial Meeting. June 14-18,
2008. Seoul, Korea. For more information:
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667
_1_1_1_37441,00.html

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 14.11 -------------------------

.