========================================================================
                            E P I C  A l e r t
========================================================================
Volume 14.14                                              July 13, 2007
------------------------------------------------------------------------

                             Published by the
                Electronic Privacy Information Center (EPIC)
                             Washington, D.C.
              http://www.epic.org/alert/EPIC_Alert_14.14.html


========================================================================
Table of Contents
========================================================================
[1] EU and US Reach Agreements on Data Sharing
[2] EPIC Comments on New Phone Customer Privacy Rules
[3] EU Commission Opens Inquiry into Google-DoubleClick Merger
[4] Appeals Court Dismisses Challenge to Warrantless Surveillance Program
[5] EPIC Among Groups Discussing National Security Letters With FBI
[6] News in Brief
[7] EPIC Bookstore: "Computer Crimes and Digital Investigations"
[8] Upcoming Conferences and Events

========================================================================
[1] EU and US Reach Agreements on Data Sharing
========================================================================

On June 28, the European Union and the United States reached agreements
on two forms of data sharing - that of passenger travel records and that
of consumers' financial data.

The first agreement concerns the transfer of passenger name record (PNR)
information for travelers on all flights originating in the EU and
landing in the US. A 2004 agreement on the same subject was declared
invalid by the European Court of Justice in 2006. Although the Court's
decision did not address the privacy issues of PNR data transfer, EU
officials have expressed concern during agreement negotiations over the
amount of data collected, the length of time for which the data is
retained, and the lack of access and redress for EU citizens.

In March 2007, EPIC Executive Director Marc Rotenberg testified before
the Committee on Civil Liberties, Justice and Home Affairs of the
European Parliament regarding the interim PNR arrangement. Mr. Rotenberg
said that there were too few safeguards in place to prevent the use of
European data by the US government for purposes unrelated to preventing
future terrorist acts.

The new agreement reduces the 34 pieces of data on passengers now
collected by US law enforcement authorities to 19 data fields, including
name, contact data, payment details, and itinerary information. The
agreement also extends access to PNR information to EU citizens
consistent with the provisions in the US Privacy Act and the Freedom of
Information Act. The agreement does not, however, go so far as to extend
the full protections of the Privacy Act. In a letter attached to the
agreement, the US states that the Department of Homeland Security “had
made a policy decision to extend administrative Privacy Act protections
to PNR data” of non-US citizens and that all individuals have access to
the DHS' redress system developed for travelers. Finally, the US letter
states that PNR data will be retained for a minimum of 15 years.

In his letter to the EU's Minister of the Interior, European Data
Protection Supervisor Peter Hustinx outlined four areas of “grave
concern” with the new agreement: the lengthened retention period for
PNRs, the US' use of letters to avoid a binding agreement, the lack of a
“robust” system of redress, and the possibility of US data sharing
between an undisclosed number of agencies.

The second agreement concerns the US' acquisition and use of financial
data from an EU-based banking consortium. Last June, it was revealed
that the US used broad, secret administrative subpoenas to review vast
amounts of information from Belgium-based SWIFT, which routes financial
data among 7,800 financial institutions in more than 200 countries. In
this new agreement between the US and the EU, the US will restrict its
use of any data received from SWIFT to being exclusively for
counter-terrorism purposes. The US plans to retain the data for up to
five years. In addition, the European Commission will appoint an
"eminent European" who will conduct oversight of US use of SWIFT data.

Europa, Passenger Name Record FAQ:

     http://www.epic.org/redirect/PNRFAQ.html

EU-US Agreement on Passenger Name Records (June 28, 2007) (pdf):

     http://www.epic.org/privacy/pdf/pnr-agmt-2007.pdf

Letter from European Data Protection Supervisor, Peter Hustinx, to the
German Council Presidency on Proposed PNR Data Sharing Agreement (June
27, 2007) (pdf):

     http://www.epic.org/privacy/pdf/hustinx-letter.pdf

EU-US SWIFT Agreement (June 28, 2007) (pdf):

     http://www.epic.org/privacy/pdf/swift-agmt-2007.pdf

EPIC's page on EU-US Airline Passenger Data Disclosure:

     http://www.epic.org/privacy/intl/passenger_data.html

Spotlight on Surveillance on the SWIFT program:

     http://www.epic.org/privacy/surveillance/spotlight/0606/
 
European Parliament, PNR/SWIFT/Safe Harbour: Are Transatlantic Data
Protected? (March 26, 2007) (pdf):

     http://www.epic.org/redirect/EP-0307.html


========================================================================
[2] EPIC Comments on New Phone Customer Privacy Rules
========================================================================

This week EPIC joined nine other privacy and consumer groups in submitting
comments to the Federal Communications Commission (FCC) calling for
stronger safeguards for customers' telephone records. The Consumer
Coalition recommended that the FCC establish comprehensive privacy rules
that would require telephone companies to limit access to and retention
of consumer call data, implement audit trails to track access to data,
and curtail law enforcement delays of customer notification in the
event of a security breach.

Last month, in response to a 2005 EPIC petition, the FCC adopted new
rules to strengthen the security of consumers' phone records and
requested comments on additional security proposals. The new rules
relate to the treatment of customer proprietary network information
(CPNI), which includes time, date, duration and destination number of
each call, type of network a consumer subscribes to, and any other data
that appears on the consumer's telephone bill.

The new rules also include a requirement that carriers notify customers
of unauthorized disclosures of telephone records; however, law
enforcement agencies can delay notifying an individual of a breach for
up to 14 days. Such a period may be extended “as long as reasonably
necessary in the judgment of the agency,” according to the rules. FCC
Commissioners Jonathan Adelstein and Michael Copps, among others, have
criticized this provision, and the Consumer Coalition urged the FCC to
restrict such delays. As Commissioner Adelstein noted, “Under these
rules, the Commission gives the Federal Bureau of Investigation a
potentially open-ended ability to delay customer notification of
security breaches . . . automatic delays coupled with unlimited
extensions are not appropriate.”

In its comments, the Consumer Coalition emphasized the vulnerability of
personal information on mobile devices, particularly when the devices
are lost or stolen. This information could include personal and business
correspondence, tax and bank records, and corporate client data. The
Consumer Coalition requested that the FCC provide consumers with a
feasible method of easily and permanently removing personal information
from mobile devices. As it stands, no federal rules regulate the
security or use of personal information on mobile devices.

The Consumer Coalition also urged the FCC to adopt a comprehensive
opt-in policy before customer information is disclosed to carriers'
agents or affiliates, because such a policy is “the only truly effective
means to provide privacy protection to those consumers who desire it.”
Because the current opt-out policy provides inadequate coverage and
notice, carriers must be required to provide customers with clear and
conspicuous notice of their right to opt in.

The Consumer Coalition also commended the FCC for extending CPNI rules
to VoIP providers. “Even though there may be technical differences
between telecommunications carriers and VoIP providers, both types of
companies are dealing with consumers' personal information. Even though
VoIP providers may collect less information, they should still be held
to CPNI regulations for the information they do collect,” the Consumer
Coalition said.

The Consumer Coalition is: Consumer Action, Consumer Federation of
America, Consumers Union, Electronic Privacy Information Center,
National Consumers League, Privacy Activism, Privacy Journal, Privacy
Rights Clearinghouse, U.S. Public Interest Research Groups, Utility
Consumers' Action Network.

EPIC's Comments to the FCC (pdf):

     http://www.epic.org/privacy/cpni/cpni_070607.pdf

EPIC's page on CPNI:

     http://www.epic.org/privacy/cpni

FCC's Report and Order and Further Notice of Proposed Rulemaking (pdf):

     http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-22A1.pdf

EPIC's 2005 Petition to the FCC on CPNI:

     http://www.epic.org/privacy/iei/cpnipet.html


========================================================================
[3] EU Commission Opens Inquiry into Google-DoubleClick Merger
========================================================================

The European Commission Directorate on Competition recently announced
that it would review Google's $3.1 billion merger with Internet
advertising company DoubleClick.  The decision to review was made
shortly after European consumer group BEUC sent a letter urging the
Commission to investigate the merger.

BEUC reminded the Commission that it has publicly defined its role as
preventing mergers that would deprive consumers of “high quality
products, a wide selection of goods and services, and innovation.” BEUC
also noted that the European Commission has considered consumer choice
as an element in its review of past mergers.

Furthermore, BEUC explained that Google could establish a monopoly in
the online advertising industry, effectively reducing its competition
and raising privacy concerns about the massive quantities of user data
retained. By combining DoubleClick's databases and customer profiles
with its own, Google will be able to track its users' online activities
almost continuously. When they offered their private information to
either company, most consumers did not know that in the future there
would be a merger that would give the companies a more complete profile
of individuals' behavior, stated BEUC. The monopoly resulting from this
merger would give Google little incentive to provide its users with
improved service and adequate privacy protections.

The European Commission Directorate on Competition is not the only
agency currently reviewing the proposed Google and DoubleClick merger.
The Article 29 Data Protection Working Party also recently expanded an
investigation of Google's data retention policies after receiving
Google's response to their initial inquiry. The initial review focused
on Google's storage periods of server logs, whereas the Working Party
has indicated that its new investigation will evaluate the previous
analysis in addition to the data protection issues at stake with other
search engines. The U.S. Federal Trade Commission is also reviewing the
proposed merger.

The European Commission Directorate on Competition:

     http://ec.europa.eu/comm/competition/index_en.html

BEUC's letter on Proposed Acquisition of DoubleClick by Google (pdf):

     http://www.epic.org/privacy/ftc/google/beuc_062707.pdf

Article 29 Data Protection Working Party Press Release (pdf):

     http://www.epic.org/redirect/a29_press.html

EPIC's page on Proposed Google/DoubleClick Merger:

     http://www.epic.org/privacy/ftc/google/


========================================================================
[4] Appeals Court Dismisses Challenge to Warrantless Surveillance Program
========================================================================

On July 6, the Sixth U.S. Circuit Court of Appeals ordered the dismissal of a
lawsuit challenging President Bush's domestic spying program, saying the
plaintiffs lacked the standing to sue because they could not prove the
government had monitored their communications. The court did not rule on
the issue of whether warrantless wiretapping is legal. The 2-1 ruling
vacated a 2006 order by a district court in Detroit, which found that
the warrantless surveillance program violated constitutional rights to
privacy and free speech and the separation of powers. The case, ACLU v.
NSA, will either be appealed to the Supreme Court or remanded to the
District Court in Detroit for dismissal.

Many of the specifics of this surveillance program remain undisclosed,
but the Bush administration has publicly acknowledged that the program
includes the warrantless wiretapping of telephone and email
communications where one party is located outside the United States. The
plaintiffs in ACLU v. NSA included journalists, academics and lawyers,
all of whom alleged that they have a “well-founded belief” that their
communications were tapped. The District Court held that the plaintiffs
had standing based on the three publicly acknowledged facts about the
programs. The Appellate Court rejected this reasoning, stating, “the
plaintiffs have failed to meet this burden because there is no evidence
in the record that any of the plaintiffs are personally subject to the
TSP [Terrorist Surveillance Program].”

This case is separate from, but related to, Hepting v. AT&T, a class
action lawsuit filed in January 2006 by the Electronic Frontier
Foundation (EFF) against telecommunications company AT&T. EFF alleges
that AT&T permitted and assisted the U.S. government in unlawfully
monitoring the communications of a large part of the United States,
including AT&T customers, businesses and third parties whose
communications were routed through AT&T's network, as well as Voice over
IP (VoIP) telephone calls routed via the Internet. In July 2006, the
U.S. District Court for the Northern District of California, where the
suit was filed, rejected a U.S. government motion to dismiss the case.

In May, EPIC, in cooperation with the Stanford Constitutional Law
Center, filed an amicus brief in Hepting v. AT&T, arguing that the
“plaintiffs have alleged direct personal injury, namely that their own
communications were diverted by AT&T to the government in violation of
federal statutes and the Constitution.” This case is now on appeal
before the Ninth Circuit.

Sixth Circuit Appeals Court Decision in ACLU v. NSA (pdf):

     http://www.ca6.uscourts.gov/opinions.pdf/07a0253p-06.pdf

EPIC's Spotlight on Surveillance on Warrantless Surveillance (Jan.
2006):

     http://www.epic.org/privacy/surveillance/spotlight/0106/

EPIC's Page on Hepting v. AT&T Corp.:

     http://www.epic.org/privacy/hepting/


========================================================================
[5] EPIC Among Groups Discussing National Security Letters With FBI
========================================================================

On July 9, FBI Director Robert S. Mueller III met with EPIC and several
other privacy groups to discuss the FBI's new internal guidelines for
the use of national security letters (NSLs). NSLs are an extraordinary
search procedure by which the FBI can compel disclosure of data from
telephone companies, financial institutions, Internet service providers
and consumer credit agencies without judicial approval. In March, the
Department of Justice's Office of the Inspector General (OIG) issued a
report detailing significant abuse of the FBI's NSL powers. On March 29,
2005, EPIC sent a Freedom of Information Act request seeking records on
the FBI's use of its expanded Patriot Act powers. The documents obtained
by this request describe 13 cases of possible FBI misconduct in
intelligence investigations. In response to these reports, the FBI
issued new internal guidelines to all of its agents in June on the “use,
requirements, and reporting of National Security Letters.”

The guidelines fail to address the concerns EPIC has expressed in its
letters to the Senate Judiciary Committee. Based on EPIC's Freedom of
Information Act request, and the OIG's report, EPIC has called for a
repeal of Section 505 of the Patriot Act, which expanded the NSL power.
The FBI's new guidelines continue to allow NSLs to be issued under the
lower standard, and continue the practice of allowing field offices to
issue NSLs, rather than the pre-Patriot Act requirement of FBI
headquarters approval. The guidelines do not mandate that information
obtained through an NSL be labeled as such before being uploaded into
the FBI's database, making tracking of how NSLs are used difficult.
There continues to be no independent judicial oversight of NSL requests.
Additionally, the guidelines offer no guidance on when a “less intrusive
means of obtaining the information are feasible,” nor is there any
guidance on when non-disclosure, or gag orders, should be included with
an NSL.

In a letter to the Senate Judiciary Committee in October 2005, as
Congress was considering whether to renew provisions of the Patriot Act
that would otherwise sunset, EPIC first brought attention to the
internal documents that revealed that there were abuses of the Patriot
Act by the FBI. The 2005 EPIC letter to the Senate Judiciary Committee
noted that Attorney General Gonzales had testified during the Patriot
Act reauthorization that "there has not been one verified case of civil
liberties abuse" resulting from Patriot Act authority and that FBI
Director Mueller has similarly testified "I as well am unaware of any
substantial allegation that the government has abused its authority
under the Patriot Act."

FBI Press Release on July 9 Meeting With Privacy Groups:

     http://www.fbi.gov/pressrel/pressrel07/privacygroups070907.htm

Revised NSL Guidelines (pdf):

     http://www.epic.org/privacy/nsl/New_NSL_Guidelines.pdf

EPIC's Letter to Senators Specter and Leahy (March 21, 2007) (pdf): 

     http://www.epic.org/privacy/pdf/nsl_letter.pdf

EPIC's Letter to Senators Specter and Leahy (June 16, 2006):

     http://www.epic.org/privacy/surveillance/sen_iob_letter.pdf

EPIC's Letter to Senators Specter and Leahy (Oct. 24, 2005) (pdf): 

     http://www.epic.org/redirect/epic_letter.html

EPIC's Page on NSL:

     http://www.epic.org/privacy/nsl/


========================================================================
[6] News in Brief
========================================================================

EPIC Urges Protection of Internet Subscriber Data

On July 9, EPIC joined five groups in filing a "friend of the court"
brief in New Jersey v. Reid, an appeal to the state Supreme Court
regarding an illegal subpoena to an Internet service provider demanding
data on a subscriber. The lower court held that subscribers have a
reasonable expectation of "informational privacy," defined as "the
ability to control the acquisition or release of information about
oneself." In their brief, the groups explained, "This case raises
far-reaching questions about the scope of privacy protection in the
electronic environment," especially because subscriber information "can
reveal substantially more about an individual than, for example, the
phone numbers she dials." The groups urged the NJ Supreme Court to
uphold the ruling: "Like the ability to engage in phone calls
confidentially from one's home, so too is the right to make confidential
electronic communications from one's home computer deserving of
protection."

Brief of EPIC and Five Groups (pdf):

     http://www.epic.org/privacy/nj_reid/amicus_reid.pdf

Lower Court Decision in New Jersey v. Reid (pdf):

     http://www.epic.org/privacy/nj_reid/reid_superior_ct.pdf


CRS Publishes Report on Fusion Centers

The Congressional Research Center (CRS) has published a new report
entitled, "Fusion Centers: Issues and Options for Congress." The report
offers insight on the deployment of over 40 law enforcement fusion
centers throughout the nation. The goal of fusion centers is to bring
together information from distributed sources for the purpose of risk
assessment and “preventive action.” The CRS report states that officials
justifying the development of fusion centers use a number of
presumptions, and that the goals of the centers seem to be unfocused
with wide-ranging explanations on what they are intended to accomplish.
The report outlined threats to civil liberties and privacy posed by the
deployment of fusion centers, because of the scope and volume of
personally identifiable information that could be collected on entire
populations within the jurisdiction of a fusion center. The report
states that there are no federal laws that provide oversight for the
work of fusion centers.

CRS Report: "Fusion Centers: Issues and Options for Congress" (July 6,
2007) (pdf):

     http://www.epic.org/privacy/fusion/crs_fusionrpt.pdf

EPIC's Page on Fusion Centers:

     http://www.epic.org/privacy/fusion/


GAO Releases Faulty Report on Identity Theft and Data Breaches

The Government Accountability Office (GAO) released a report titled
“Personal Information: Data Breaches Are Frequent, but Evidence of
Resulting Identity Theft Is Limited; However, the Full Extent Is
Unknown.” The GAO found that, of the 24 breaches it studied from
2000-2005, only three included clear evidence that the breach resulted
in fraud on existing accounts. Based on this data, the GAO suggested
that Congressional enactment of a risk-based federal notification system
could avoid posing undue burden on organizations that may otherwise have
to provide notification for breaches that pose little risk.

The GAO suggested that if Congress were to enact a federal notification
requirement, a system whereby consumers are notified only when a
predetermined level of risk is present might enable businesses to avoid
the cost of 'counterproductive' notifications.

Despite appearing to diminish the statistical likelihood of identity
theft, the GAO report repeatedly states that the extent to which
breaches result in theft is unknown. Often, neither law enforcement nor
identity theft victims are aware that personal information had been
compromised. The GAO's law enforcement sources also reported that stolen
data may be held for years before fraudulent use, and then such use may
continue for years thereafter.

Moreover, the GAO's report only covers a fraction of data breach
incidents. From 2005-2006 alone, the news media identified more than 570
data breaches. Financial institutions have also reported several hundred
breaches in the past two years, including the July 2007 revelation that
the senior database administrator for a Fidelity National Information
Services subsidiary stole and sold the personal information of 2.3
million customers. The GAO report likewise failed to emphasize that the
2005 ChoicePoint breach of more than 163,000 sensitive consumer records
led to at least 2,900 cases of identity theft. In that case,
ChoicePoint learned of the data breach in September 2004 and contacted
police, but did not inform the individuals whose data was leaked until
February 2005. ChoicePoint was ultimately fined $15 million for the
incident.

GAO Report (pdf):

     http://www.gao.gov/new.items/d07737.pdf

EPIC's Page on Identity Theft:

     http://www.epic.org/privacy/idtheft/

EPIC's Page on ChoicePoint:

     http://www.epic.org/privacy/choicepoint/


Senate Includes EPIC Recommendation in Caller ID Spoofing Bill

The Senate Commerce Committee amended the Truth in Caller ID Act of
2007, S.704, to include an intent requirement that would protect
legitimate uses of caller ID spoofing. EPIC testified before the
Committee on the bill last month, and the Committee followed EPIC's
recommendation that any ban on caller ID spoofing contain an intent
requirement, so that spoofing is only prohibited where a person “intends
to defraud or cause harm.”  Caller ID spoofing occurs when a caller
conceals his or her phone number and causes another number to appear on
the call recipient's caller identification system.  An intent
requirement protects legitimate uses of the technology, allowing callers
to limit the disclosure of their phone numbers in order to protect their
privacy and in some cases their safety.  The bill now focuses on
punishing harmful uses of caller ID spoofing, rather than the technology
itself.  The Committee has now reported the bill to the full Senate.

EPIC's Testimony before the Senate Commerce Committee on the Truth in
Caller ID Act of 2007, S.704 (pdf):

     http://www.epic.org/privacy/iei/s704test.pdf

The Truth in Caller ID Act of 2007, S.704:

     http://thomas.loc.gov/cgi-bin/bdquery/z?d110:s.00704:


New Reports on Data Mining, Intelligence and Information Sharing

A recent Congressional Research Service (CRS) report examined the
Department of Homeland Security's utilization of data mining techniques
to identify potential terrorist activities. The report found that while
data mining can be effective, it also has limited capabilities for two
reasons.  First, data mining cannot identify causal relationships,
merely connections between variables.  Second, although data mining
reveals patterns, it does not show the significance of the pattern. The
GAO report suggests that Congress may wish to consider data mining
implementation and oversight issues in the future, because of the
potential for mission creep, data inaccuracies, and privacy abuses.

The CRS report comes as both the FBI and the Department of Homeland
Security released new reports on data mining that reveal increased
secret profiling of American citizens with few privacy protections and
unrelated to terrorism investigations. The FBI's System to Assess Risk
assigns numeric ratings to individuals based on the FBI's assessed
probability that the subject will commit a terrorist act.

CRS Report: "Data Mining and Homeland Security: An Overview" (pdf):

     http://www.fas.org/sgp/crs/homesec/RL31798.pdf

Comment of Senator Patrick Leahy on Dept. of Justice Data Mining Report:

     http://leahy.senate.gov/press/200707/071007c.html


NY Plans Extensive Camera Surveillance

Recently, New York City Police officials announced the "Lower Manhattan
Security Initiative," which would greatly enhance the surveillance of
downtown streets. By the end of 2007, approximately 115 surveillance
cameras will have begun monitoring traffic moving through parts of lower
Manhattan. If the surveillance system, modeled after London's "ring of
steel," becomes fully operational by the estimated year 2010, the number
of cameras in the Manhattan area would expand to 3,000, license plate
scanners would be used to track drivers, and the program might use
face recognition technology. The city estimates the new surveillance
system would cost $90 million, $15 million of which would come from
Homeland Security grants and $10 million from NYC. The city also is
seeking to charge drivers a fee for entering lower Manhattan; the fees
would go toward the surveillance project. EPIC has repeatedly explained
that camera surveillance systems do not deter crime; in fact, no studies
have shown that camera surveillance systems significantly reduce crime,
though several have been conducted by police departments in the U.S. and
U.K.

EPIC's Spotlight on Surveillance "D.C.'s Camera System Should Focus on
Emergencies, Not Daily Life" (Dec. 2005):

     http://www.epic.org/privacy/surveillance/spotlight/1105/

EPIC's Page on Video Surveillance: 

     http://www.epic.org/privacy/surveillance/


Survey Finds Information Requests Can Take Years

On July 2, the National Security Archive posted on its Web site the
latest Knight Open Government Survey, entitled “40 Years of FOIA, 20
Years of Delay: Oldest Pending Freedom of Information Requests Date Back
to the 1980s.” The survey once again highlighted the prolonged problem
of undue delays and extensive backlogs accumulating under the FOIA
request for information mechanism. The survey found FOIA requests in the
federal government dating back to the 1980s.  Five agencies have pending
requests older than 15 years, and 10 agencies misreported their oldest
pending FOIA requests to Congress in their Financial Year 2006 Annual
FOIA Reports.

The National Security Archive, Knight Open Government Survey (pdf):

     http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB224/ten_oldest_report.pdf

EPIC's Page on Open Government:

     http://www.epic.org/open_gov/


========================================================================
[7] EPIC Bookstore: "Computer Crimes and Digital Investigations"
========================================================================

Computer Crimes and Digital Investigations by Ian Walden (Oxford, 2007)

     http://www.powells.com/partner/24075/biblio/9780199290987

Walden's Computer Crimes and Digital Investigations is a comprehensive
treatment of computers and the criminal justice system. The book surveys
various ideas of "computer crime," relevant laws, the interaction
between technology and criminal procedure, international developments
regarding jurisdiction and harmonization, and the presentation of
evidence at trial. Walden develops a taxonomy of computer crimes: crimes
committed with the computer; crimes of content, such as pornography, or
intellectual property offenses; and crimes against computer integrity
such as unauthorized access, interception and data modification. Walden
explains the substantive issue of each element of these crimes,
including addressing major legislation in each.

The text is particularly useful for legal practitioners as well as law
enforcement, security professionals and private investigators. The
reader at each step will gain an understanding of the major principles
and legal questions at play. The appendix includes the helpful
Association of Chief of Police Officers Good Practice Guide for Computer
based Electronic Evidence with lists of what should be seized, and some
practical advice.

Walden, a professor of information and communications law at Queen Mary,
University of London, has a generally UK focus, with the occasional
example from the US and other countries. Promising more, Walden
concludes the book: "Computer crimes and digital investigations will
comprise a substantial part of criminal policy, law and practice over
the coming years, as information becomes the cornerstone to the global
economy. To examine such developments and the evolving legal framework
will surely require a second edition."

-- Guilherme Roschke


================================


EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2005: An International Survey of Privacy Laws
and Developments" (EPIC 2006). Price: $60.
http://www.epic.org/bookstore/phr2005/phr2005.html

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
70 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2005 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry
Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price:
$40.
http://www.epic.org/bookstore/foia2004

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 22nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/features/epic/epic.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

AEI-Brookings Joint Center: The Economics of Internet Advertising:
Implications for the Google-DoubleClick Merger. July 18th, 2007.
Washington DC. For more information:
http://www.aei.org/events/eventID.1539/event_detail.asp

Harvard University Privacy Symposium. August 21-24, 2007. Cambridge, MA.
For more information: http://www.privacysummersymposium.com

7th Annual Future of Music Policy Summit. September 17-18, 2007.
Washington, DC. For more information:
http://www.futureofmusic.org/events/summit07/

PIPA Conference: Private Sector Privacy in a Changing World. September
20-21, 2007. Vancouver, Canada. For more information:
http://www.verney.ca/pipa2007/

Civil Society Privacy Conference: Privacy Rights in a World Under
Surveillance. September 25, 2007. Montreal, Canada. For more
information:
http://www.thepublicvoice.org/events/montreal07/default.html

29th International Conference of Data Protection and Privacy
Commissioners. September 25-28, 2007.  Montreal, Canada. For more
information:
http://www.privacyconference2007.gc.ca/Terra_Incognita_home_E.html

OECD and Industry Canada: Shaping Policies for Creativity, Confidence
and Convergence in the Digital World. October 3, 2007. Ottawa, Canada.
For more information:
http://www.oecd.org/futureinternet/participativeweb

University of Ottawa Faculty of Law: The Revealed "I". October 25-27,
2007. Ottawa, Canada. For more information:
http://www.idtrail.org/content/section/11/95/

Future of the Internet Economy - OECD Ministerial Meeting. June 14-18,
2008. Seoul, Korea. For more information:
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667_1_1_1_37441,00.html

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 14.14 -------------------------
