========================================================================
E P I C   A l e r t
========================================================================
Volume 14.14 July 13, 2007
------------------------------------------------------------------------

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.

http://www.epic.org/alert/EPIC_Alert_14.14.html

========================================================================
Table of Contents
========================================================================
[1] EU and US Reach Agreements on Data Sharing
[2] EPIC Comments on New Phone Customer Privacy Rules
[3] EU Commission Opens Inquiry into Google-DoubleClick Merger
[4] Appeals Court Dismisses Challenge to Warrantless Surveillance Program
[5] EPIC Among Groups Discussing National Security Letters With FBI
[6] News in Brief
[7] EPIC Bookstore: "Computer Crimes and Digital Investigations"
[8] Upcoming Conferences and Events

========================================================================
[1] EU and US Reach Agreements on Data Sharing
========================================================================

On June 28, the European Union and the United States reached agreements on two forms of data sharing - that of passenger travel records and that of consumers' financial data.

The first agreement concerns the transfer of passenger name record (PNR) information for travelers on all flights originating in the EU and landing in the US. A 2004 agreement on the same subject was declared invalid by the European Court of Justice in 2006. Although the Court's decision did not address the privacy issues of PNR data transfer, EU officials have expressed concern during agreement negotiations over the amount of data collected, the length of time for which the data is retained, and the lack of access and redress for EU citizens.

In March 2007, EPIC Executive Director Marc Rotenberg testified before the Committee on Civil Liberties, Justice and Home Affairs of the European Parliament regarding the interim PNR arrangement. Mr. Rotenberg said that there were too few safeguards in place to prevent the use of European data by the US government for purposes unrelated to preventing future terrorist acts.

The new agreement reduces the 34 pieces of data on passengers now collected by US law enforcement authorities to 19 data fields, including name, contact data, payment details, and itinerary information. The agreement also extends access to PNR information to EU citizens consistent with the provisions in the US Privacy Act and the Freedom of Information Act.

The agreement does not, however, go so far as to extend the full protections of the Privacy Act. In a letter attached to the agreement, the US states that the Department of Homeland Security “had made a policy decision to extend administrative Privacy Act protections to PNR data” of non-US citizens and that all individuals have access to the DHS' redress system developed for travelers. Finally, the US letter states that PNR data will be retained for a minimum of 15 years.

In his letter to the EU's Minister of the Interior, European Data Protection Supervisor Peter Hustinx outlined four areas of “grave concern” with the new agreement: the lengthened retention period for PNRs, the US' use of letters to avoid a binding agreement, the lack of a “robust” system of redress, and the possibility of US data sharing between an undisclosed number of agencies.

The second agreement concerns the US' acquisition and use of financial data from an EU-based banking consortium. Last June, it was revealed that the US used broad, secret administrative subpoenas to review vast amounts of information from Belgium-based SWIFT, which routes financial data among 7,800 financial institutions in more than 200 countries.

In this new agreement between the US and the EU, the US will restrict its use of any data received from SWIFT to being exclusively for counter-terrorism purposes. The US plans to retain the data for up to five years. In addition, the European Commission will appoint an "eminent European" who will conduct oversight of US use of SWIFT data.

Europa, Passenger Name Record FAQ:
http://www.epic.org/redirect/PNRFAQ.html

EU-US Agreement on Passenger Name Records (June 28, 2007) (pdf):
http://www.epic.org/privacy/pdf/pnr-agmt-2007.pdf

Letter from European Data Protection Supervisor, Peter Hustinx, to the German Council Presidency on Proposed PNR Data Sharing Agreement (June 27, 2007) (pdf):
http://www.epic.org/privacy/pdf/hustinx-letter.pdf

EU-US SWIFT Agreement (June 28, 2007) (pdf):
http://www.epic.org/privacy/pdf/swift-agmt-2007.pdf

EPIC's page on EU-US Airline Passenger Data Disclosure:
http://www.epic.org/privacy/intl/passenger_data.html

Spotlight on Surveillance on the SWIFT program:
http://www.epic.org/privacy/surveillance/spotlight/0606/

European Parliament, PNR/SWIFT/ Safe Harbour Are Transatlantic Data Protected? (March 26, 2007) (pdf):
http://www.epic.org/redirect/EP-0307.html

========================================================================
[2] EPIC Comments on New Phone Customer Privacy Rules
========================================================================

This week EPIC joined nine other privacy and consumer groups in submitting comments to the Federal Communications Commission (FCC) calling for stronger safeguards for customers' telephone records. The Consumer Coalition recommended that the FCC establish comprehensive privacy rules that would require telephone companies to limit access to and retention of consumer call data, implement audit trails to track access to data, and curtail law enforcement delays to customer notification in the event of a security breach.

Last month, in response to a 2005 EPIC petition, the FCC adopted new rules to strengthen the security of consumers' phone records and requested comments on additional security proposals. The new rules relate to the treatment of customer proprietary network information (CPNI), which includes time, date, duration and destination number of each call, type of network a consumer subscribes to, and any other data that appears on the consumer's telephone bill.

The new rules also include a requirement that carriers notify customers of unauthorized disclosures of telephone records; however, law enforcement agencies can delay notifying an individual of a breach for up to 14 days. Such a period may be extended “as long as reasonably necessary in the judgment of the agency,” according to the rules. FCC Commissioners Jonathan Adelstein and Michael Copps, among others, have criticized this provision, and the Consumer Coalition urged the FCC to restrict such delays. As Commissioner Adelstein noted, “Under these rules, the Commission gives the Federal Bureau of Investigation a potentially open-ended ability to delay customer notification of security breaches . . . automatic delays coupled with unlimited extensions are not appropriate.”

In its comments, the Consumer Coalition emphasized the vulnerability of personal information on mobile devices, particularly when the devices are lost or stolen. This information could include personal and business correspondence, tax and bank records, and corporate client data. The Consumer Coalition requested that the FCC provide consumers with a feasible method of easily and permanently removing personal information from mobile devices. As it stands, no federal rules regulate the security or use of personal information on mobile devices.

The Consumer Coalition also urged the FCC to adopt a comprehensive opt-in policy before customer information is disclosed to carriers' agents or affiliates, because such a policy is “the only truly effective means to provide privacy protection to those consumers who desire it.” Because the current opt-out policy provides inadequate coverage and notice, carriers must be required to provide customers with clear and conspicuous notice of their right to opt in.

The Consumer Coalition also commended the FCC for extending CPNI rules to VoIP providers. “Even though there may be technical differences between telecommunications carriers and VoIP providers, both types of companies are dealing with consumers' personal information. Even though VoIP providers may collect less information, they should still be held to CPNI regulations for the information they do collect,” the Consumer Coalition said.

The Consumer Coalition is: Consumer Action, Consumer Federation of America, Consumers Union, Electronic Privacy Information Center, National Consumers League, Privacy Activism, Privacy Journal, Privacy Rights Clearinghouse, U.S. Public Interest Research Groups, Utility Consumers' Action Network.

EPIC's Comments to the FCC (pdf):
http://www.epic.org/privacy/cpni/cpni_070607.pdf

EPIC's page on CPNI:
http://www.epic.org/privacy/cpni

FCC's Report and Order and Further Notice of Proposed Rulemaking (pdf):
http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-07-22A1.pdf

EPIC's 2005 Petition to the FCC on CPNI:
http://www.epic.org/privacy/iei/cpnipet.html

========================================================================
[3] EU Commission Opens Inquiry into Google-DoubleClick Merger
========================================================================

The European Commission Directorate on Competition recently announced that it would review Google's $3.1 billion merger with Internet advertising company DoubleClick.
The decision to review was made shortly after European consumer group BEUC sent a letter urging the Commission to investigate the merger. BEUC reminded the Commission that it has publicly defined its role as preventing mergers that would deprive consumers of “high quality products, a wide selection of goods and services, and innovation.” BEUC also noted that the European Commission has considered consumer choice as an element in its review of past mergers.

Furthermore, BEUC explained that Google could establish a monopoly in the online advertising industry, effectively reducing its competition and raising privacy concerns about the massive quantities of user data retained. By combining DoubleClick's databases and customer profiles with its own, Google will be able to track its users' online activities almost continuously. When they offered their private information to either company, most consumers did not know that in the future there would be a merger that would give the companies a more complete profile of individuals' behavior, stated BEUC. The monopoly resulting from this merger would give Google little incentive to provide its users with improved service and adequate privacy protections.

The European Commission Directorate on Competition is not the only agency currently reviewing the proposed Google and DoubleClick merger. The Article 29 Data Protection Working Party also recently expanded an investigation of Google's data retention policies after receiving Google's response to their initial inquiry. The initial review focused on Google's storage periods of server logs, whereas the Working Party has indicated that its new investigation will evaluate the previous analysis in addition to the data protection issues at stake with other search engines. The U.S. Federal Trade Commission is also reviewing the proposed merger.

The European Commission Directorate on Competition:
http://ec.europa.eu/comm/competition/index_en.html

BEUC's letter on Proposed Acquisition of DoubleClick by Google (pdf):
http://www.epic.org/privacy/ftc/google/beuc_062707.pdf

Article 29 Data Protection Working Party Press Release (pdf):
http://www.epic.org/redirect/a29_press.html

EPIC's page on Proposed Google/DoubleClick Merger:
http://www.epic.org/privacy/ftc/google/

========================================================================
[4] Appeals Court Dismisses Challenge to Warrantless Surveillance Program
========================================================================

On July 6, the Sixth U.S. Circuit Court of Appeals ordered the dismissal of a lawsuit challenging President Bush's domestic spying program, saying the plaintiffs lacked the standing to sue because they could not prove the government had monitored their communications. The court did not rule on the issue of whether warrantless wiretapping is legal.

The 2-1 ruling vacated a 2006 order by a district court in Detroit, which found that the warrantless surveillance program violated constitutional rights to privacy and free speech and the separation of powers. The case, ACLU v. NSA, will either be appealed to the Supreme Court or remanded to the District Court in Detroit for dismissal.

Many of the specifics of this surveillance program remain undisclosed, but the Bush administration has publicly acknowledged that the program includes the warrantless wiretapping of telephone and email communications where one party is located outside the United States. The plaintiffs in ACLU v. NSA included journalists, academics and lawyers, all of whom alleged that they have a “well-founded belief” that their communications were tapped. The District Court held that the plaintiffs had standing based on the three publicly acknowledged facts about the programs.
The Appellate Court rejected this reasoning stating, “the plaintiffs have failed to meet this burden because there is no evidence in the record that any of the plaintiffs are personally subject to the TSP [Terrorist Surveillance Program].”

This case is separate from, but related to, Hepting v. AT&T, a class action lawsuit filed in January 2006 by the Electronic Frontier Foundation (EFF) against telecommunications company AT&T. EFF alleges that AT&T permitted and assisted the U.S. government in unlawfully monitoring the communications of a large part of the United States, including AT&T customers, businesses and third parties whose communications were routed through AT&T's network, as well as Voice over IP (VoIP) telephone calls routed via the Internet. In July 2006, the U.S. District Court for the Northern District of California, where the suit was filed, rejected a U.S. government motion to dismiss the case.

In May, EPIC, in cooperation with the Stanford Constitutional Law Center, filed an amicus brief in Hepting v. AT&T, arguing that the “plaintiffs have alleged direct personal injury, namely that their own communications were diverted by AT&T to the government in violation of federal statutes and the Constitution.” This case is now on appeal before the Ninth Circuit.

Sixth Circuit Appeals Court Decision in ACLU v. NSA (pdf):
http://www.ca6.uscourts.gov/opinions.pdf/07a0253p-06.pdf

EPIC's Spotlight on Surveillance on Warrantless Surveillance (Jan. 2006):
http://www.epic.org/privacy/surveillance/spotlight/0106/

EPIC's Page on Hepting v. AT&T Corp.:
http://www.epic.org/privacy/hepting/

========================================================================
[5] EPIC Among Groups Discussing National Security Letters With FBI
========================================================================

On July 9, FBI Director Robert S.
Mueller III met with EPIC and several other privacy groups to discuss the FBI's new internal guidelines for the use of national security letters (NSLs). NSLs are an extraordinary search procedure by which the FBI can compel disclosure of data from telephone companies, financial institutions, Internet service providers and consumer credit agencies without judicial approval. In March, the Department of Justice's Office of the Inspector General (OIG) issued a report detailing significant abuse of the FBI's NSL powers.

On March 29, 2005, EPIC sent a Freedom of Information Act request seeking records on the FBI's use of its expanded Patriot Act powers. The documents obtained by this request describe 13 cases of possible FBI misconduct in intelligence investigations.

In response to these reports, the FBI issued new internal guidelines to all of its agents in June on the “use, requirements, and reporting of National Security Letters.” The guidelines fail to address the concerns EPIC has expressed in its letters to the Senate Judiciary Committee. Based on EPIC's Freedom of Information Act request, and the OIG's report, EPIC has called for a repeal of Section 505 of the Patriot Act, which expanded the NSL power.

The FBI's new guidelines continue to allow NSLs to be issued under the lower standard, and continue the practice of allowing field offices to issue NSLs, rather than the pre-Patriot Act requirement of FBI headquarters approval. The guidelines do not mandate that information obtained through an NSL be labeled as such before being uploaded into the FBI's database, making tracking of how NSLs are used difficult. There continues to be no independent judicial oversight of NSL requests. Additionally, the guidelines offer no guidance on when a “less intrusive means of obtaining the information are feasible,” nor is there any guidance on when non-disclosure, or gag orders, should be included with an NSL.

In a letter to the Senate Judiciary Committee in October 2005, as Congress was considering whether to renew provisions of the Patriot Act that would otherwise sunset, EPIC first brought attention to the internal documents that revealed that there were abuses of the Patriot Act by the FBI. The 2005 EPIC letter to the Senate Judiciary Committee noted that Attorney General Gonzales had testified during the Patriot Act reauthorization that "there has not been one verified case of civil liberties abuse" resulting from Patriot Act authority and that FBI Director Mueller has similarly testified "I as well am unaware of any substantial allegation that the government has abused its authority under the Patriot Act."

FBI Press Release on July 9 Meeting With Privacy Groups:
http://www.fbi.gov/pressrel/pressrel07/privacygroups070907.htm

Revised NSL Guidelines (pdf):
http://www.epic.org/privacy/nsl/New_NSL_Guidelines.pdf

EPIC's Letter to Senators Specter and Leahy (March 21, 2007) (pdf):
http://www.epic.org/privacy/pdf/nsl_letter.pdf

EPIC's Letter to Senators Specter and Leahy (June 16, 2006):
http://www.epic.org/privacy/surveillance/sen_iob_letter.pdf

EPIC's Letter to Senators Specter and Leahy (Oct. 24, 2005) (pdf):
http://www.epic.org/redirect/epic_letter.html

EPIC's Page on NSL:
http://www.epic.org/privacy/nsl/

========================================================================
[6] News in Brief
========================================================================

EPIC Urges Protection of Internet Subscriber Data

On July 9, EPIC joined five groups in filing a "friend of the court" brief in New Jersey v. Reid, an appeal to the state Supreme Court regarding an illegal subpoena to an Internet service provider demanding data on a subscriber. The lower court held that subscribers have a reasonable expectation of "informational privacy," defined as "the ability to control the acquisition or release of information about oneself."

In their brief, the groups explained, "This case raises far-reaching questions about the scope of privacy protection in the electronic environment," especially because subscriber information "can reveal substantially more about an individual than, for example, the phone numbers she dials." The groups urged the NJ Supreme Court to uphold the ruling: "Like the ability to engage in phone calls confidentially from one's home, so too is the right to make confidential electronic communications from one's home computer deserving of protection."

Brief of EPIC and Five Groups (pdf):
http://www.epic.org/privacy/nj_reid/amicus_reid.pdf

Lower Court Decision in New Jersey v. Reid (pdf):
http://www.epic.org/privacy/nj_reid/reid_superior_ct.pdf

CRS Publishes Report on Fusion Centers

The Congressional Research Service (CRS) has published a new report entitled, "Fusion Centers: Issues and Options for Congress." The report offers insight on the deployment of over 40 law enforcement fusion centers throughout the nation. The goal of fusion centers is to bring together information from distributed sources for the purpose of risk assessment and “preventive action.”

The CRS report states that officials justifying the development of fusion centers use a number of presumptions, and that the goals of the centers seem to be unfocused with wide-ranging explanations on what they are intended to accomplish. The report outlined threats to civil liberties and privacy posed by the deployment of fusion centers, because of the scope and volume of personally identifiable information that could be collected on entire populations within the jurisdiction of a fusion center. The report states that there are no federal laws that provide oversight for the work of fusion centers.

CRS Report: "Fusion Centers: Issues and Options for Congress" (July 6, 2007) (pdf):
http://www.epic.org/privacy/fusion/crs_fusionrpt.pdf

EPIC's Page on Fusion Centers:
http://www.epic.org/privacy/fusion/

GAO Releases Faulty Report on Identity Theft and Data Breaches

The Government Accountability Office (GAO) released a report titled “Personal Information: Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown.” The GAO found that, of the 24 breaches it studied from 2000-2005, only three included clear evidence that the breach resulted in fraud on existing accounts. Based on this data, the GAO suggested that Congressional enactment of a risk-based federal notification system, whereby consumers are notified only when a predetermined level of risk is present, could avoid posing undue burden on organizations that may otherwise have to provide notification for breaches that pose little risk, including the cost of 'counterproductive' notifications.

Despite appearing to diminish the statistical likelihood of identity theft, the GAO report repeatedly states that the extent to which breaches result in theft is unknown. Often, neither law enforcement nor identity theft victims are aware that personal information had been compromised. The GAO's law enforcement sources also reported that stolen data may be held for years before fraudulent use, and then such use may continue for years thereafter.

Moreover, the GAO's report only covers a fraction of data breach incidents. From 2005-2006 alone, the news media identified more than 570 data breaches.
Financial institutions have also reported several hundred breaches in the past two years, including the July 2007 revelation that the senior database administrator for a Fidelity National Information Services subsidiary stole and sold the personal information of 2.3 million customers. The GAO report likewise failed to emphasize that the 2005 ChoicePoint breach of more than 163,000 sensitive consumer records led to at least 2,900 cases of identity theft. In that case, ChoicePoint learned of the data breach in September 2004 and contacted police, but did not inform the individuals whose data was leaked until February 2005. ChoicePoint was ultimately fined $15 million for the incident.

GAO Report (pdf):
http://www.gao.gov/new.items/d07737.pdf

EPIC's Page on Identity Theft:
http://www.epic.org/privacy/idtheft/

EPIC's Page on ChoicePoint:
http://www.epic.org/privacy/choicepoint/

Senate Includes EPIC Recommendation in Caller ID Spoofing Bill

The Senate Commerce Committee amended the Truth in Caller ID Act of 2007, S.704, to include an intent requirement that would protect legitimate uses of caller ID spoofing. EPIC testified before the Committee on the bill last month, and the Committee followed EPIC's recommendation that any ban on caller ID spoofing contain an intent requirement, so that spoofing is only prohibited where a person “intends to defraud or cause harm.”

Caller ID spoofing occurs when a caller conceals his or her phone number and causes another number to appear on the call recipient's caller identification system. An intent requirement protects legitimate uses of the technology, allowing callers to limit the disclosure of their phone numbers in order to protect their privacy and in some cases their safety. The bill now focuses on punishing harmful uses of caller ID spoofing, rather than the technology itself. The Committee has now reported the bill to the full Senate.

EPIC's Testimony before the Senate Commerce Committee on the Truth in Caller ID Act of 2007, S.704 (pdf):
http://www.epic.org/privacy/iei/s704test.pdf

The Truth in Caller ID Act of 2007, S.704:
http://thomas.loc.gov/cgi-bin/bdquery/z?d110:s.00704:

New Reports on Data Mining, Intelligence and Information Sharing

A recent Congressional Research Service (CRS) report examined the Department of Homeland Security's utilization of data mining techniques to identify potential terrorist activities. The report found that while data mining can be effective, it also has limited capabilities for two reasons. First, data mining cannot identify causal relationships, merely connections between variables. Second, although data mining reveals patterns, it does not show the significance of the pattern. The GAO report suggests that Congress may wish to consider data mining implementation and oversight issues in the future, because of the potential for mission creep, data inaccuracies, and privacy abuses.

The CRS report comes as both the FBI and the Department of Homeland Security released new reports on data mining that reveal increased secret profiling of American citizens with few privacy protections and unrelated to terrorism investigations. The FBI's System to Assess Risk assigns numeric ratings to individuals based on the FBI's assessed probability that the subject will commit a terrorist act.

CRS Report, "Data Mining and Homeland Security: An Overview" (pdf):
http://www.fas.org/sgp/crs/homesec/RL31798.pdf

Comment of Senator Patrick Leahy on Dept. of Justice Data Mining Report:
http://leahy.senate.gov/press/200707/071007c.html

NY Plans Extensive Camera Surveillance

Recently, New York City Police officials announced the "Lower Manhattan Security Initiative," which would greatly enhance the surveillance of downtown streets. By the end of 2007, approximately 115 surveillance cameras will have begun monitoring traffic moving through parts of lower Manhattan.
If the surveillance system, modeled after London's "ring of steel," becomes fully operational by the estimated year 2010, the number of cameras in the Manhattan area would expand to 3,000, license plate scanners would be used to track drivers, and the program might use face recognition technology.

The city estimates the new surveillance system would cost $90 million, $15 million of which would come from Homeland Security grants and $10 million from NYC. The city also is seeking to charge drivers a fee for entering lower Manhattan; the fees would go toward the surveillance project. EPIC has repeatedly explained that camera surveillance systems do not deter crime; in fact, no studies have shown that camera surveillance systems significantly reduce crime, though several have been conducted by police departments in the U.S. and U.K.

EPIC's Spotlight on Surveillance "D.C.'s Camera System Should Focus on Emergencies, Not Daily Life" (Dec. 2005):
http://www.epic.org/privacy/surveillance/spotlight/1105/

EPIC's Page on Video Surveillance:
http://www.epic.org/privacy/surveillance/

Survey Finds Information Requests Can Take Years

On July 2, the National Security Archive posted on its Web site the latest Knight Open Government Survey, entitled “40 Years of FOIA, 20 Years of Delay: Oldest Pending Freedom of Information Requests Date Back to the 1980s.” The survey once again highlighted the prolonged problem of undue delays and extensive backlogs accumulating under the FOIA request for information mechanism.

The survey found FOIA requests in the federal government dating back to the 1980s. Five agencies have pending requests older than 15 years, and 10 agencies misreported their oldest pending FOIA requests to Congress in their Financial Year 2006 Annual FOIA Reports.

The National Security Archive, Knight Open Government Survey (pdf):
http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB224/ten_oldest_report.pdf

EPIC's Page on Open Government:
http://www.epic.org/open_gov/

========================================================================
[7] EPIC Bookstore: "Computer Crimes and Digital Investigations"
========================================================================

Computer Crimes and Digital Investigations by Ian Walden (Oxford, 2007)

http://www.powells.com/partner/24075/biblio/9780199290987

Walden's Computer Crimes and Digital Investigations is a comprehensive treatment of computers and the criminal justice system. The book surveys various ideas of "computer crime," relevant laws, the interaction between technology and criminal procedure, international developments regarding jurisdiction and harmonization, and the presentation of evidence at trial.

Walden develops a taxonomy of computer crimes: crimes committed with the computer; crimes of content, such as pornography, or intellectual property offenses; and crimes against computer integrity such as unauthorized access, interception and data modification. Walden explains the substantive issue of each element of these crimes, including addressing major legislation in each.

The text is particularly useful for legal practitioners as well as law enforcement, security professionals and private investigators. The reader at each step will gain an understanding of the major principles and legal questions at play. The appendix includes the helpful Association of Chief Police Officers Good Practice Guide for Computer based Electronic Evidence with lists of what should be seized, and some practical advice. Walden, a professor of information and communications law at Queen Mary, University of London, has a generally UK focus, with the occasional example from the US and other countries.

Promising more, Walden concludes the book: "Computer crimes and digital investigations will comprise a substantial part of criminal policy, law and practice over the coming years, as information becomes the cornerstone to the global economy. To examine such developments and the evolving legal framework will surely require a second edition."

-- Guilherme Roschke

================================

EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2005: An International Survey of Privacy Laws and Developments" (EPIC 2006). Price: $60.
http://www.epic.org/bookstore/phr2005/phr2005.html

This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 70 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2005 is the most comprehensive report on privacy and data protection ever published.

================================

"FOIA 2004: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/foia2004

This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 22nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression.

================================

EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at:

EPIC Bookstore
http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/features/epic/epic.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes

========================================================================
[8] Upcoming Conferences and Events
========================================================================

AEI-Brookings Joint Center: The Economics of Internet Advertising: Implications for the Google-DoubleClick Merger. July 18th, 2007. Washington DC. For more information: http://www.aei.org/events/eventID.1539/event_detail.asp

Harvard University Privacy Symposium. August 21-24, 2007. Cambridge, MA. For more information: http://www.privacysummersymposium.com

7th Annual Future of Music Policy Summit. September 17-18, 2007. Washington, DC. For more information: http://www.futureofmusic.org/events/summit07/

PIPA Conference: Private Sector Privacy in a Changing World. September 20-21, 2007. Vancouver, Canada. For more information: http://www.verney.ca/pipa2007/

Civil Society Privacy Conference: Privacy Rights in a World Under Surveillance. September 25, 2007. Montreal, Canada.
For more information: http://www.thepublicvoice.org/events/montreal07/default.html

29th International Conference of Data Protection and Privacy Commissioners. September 25-28, 2007. Montreal, Canada. For more information: http://www.privacyconference2007.gc.ca/Terra_Incognita_home_E.html

OECD and Industry Canada: Shaping Policies for Creativity, Confidence and Convergence in the Digital World. October 3, 2007. Ottawa, Canada. For more information: http://www.oecd.org/futureinternet/participativeweb

University of Ottawa Faculty of Law: The Revealed "I". October 25-27, 2007. Ottawa, Canada. For more information: http://www.idtrail.org/content/section/11/95/

Future of the Internet Economy - OECD Ministerial Meeting. June 14-18, 2008. Seoul, Korea. For more information: http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667_1_1_1_37441,00.html

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:
https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:
http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax).

If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 14.14 -------------------------