======================================================================== E P I C A l e r t ======================================================================== Volume 14.22 October 31, 2007 ------------------------------------------------------------------------ Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_14.22.html ======================================================================== E P I C Job Announcement ======================================================================== EPIC is seeking a smart, energetic, creative individual for the position of Staff Counsel Deadline: Nov. 30, 2007 Click here for more details http://www.epic.org/epic/jobs/counsel_1007.html ======================================================================== Table of Contents ======================================================================== [1] EPIC Calls for Whois Privacy [2] Groups Urge Zero Funding for REAL ID System [3] EPIC Urges Congress to Monitor Google-DoubleClick Review [4] US Senate Committees Consider FISA Reform, Immunity [5] Numbers Will Not Be Dropped From Do Not Call Registry [6] News in Brief [7] EPIC Bookstore: "Privacy Law and Society" [8] Upcoming Conferences and Events - Subscription Information - Privacy Policy - About EPIC - Donate to EPIC ======================================================================== [1] EPIC Calls for Whois Privacy ======================================================================== In a letter to the Board of the Internet Corporation for Assigned Names and Numbers (ICANN), EPIC expressed its support for changes to Whois services that would protect the privacy of individuals, specifically the removal of registrants' contact information from the publicly accessible Whois database. As explained in Privacy and Human Rights 2006, concealing actual identity may be critical for political, artistic, and religious expression on the Internet. The ICANN Whois Task Force completed its final report on Whois Services in March 2007. In that report, a majority of members endorsed a proposal called the "Operational Point of Contact" (OPoC). Under OPoC, every registrant would identify a new operational point of contact and the registrant's postal address, city, and postal code would no longer be displayed. The operational point of contact's name and contact information would be displayed instead, and it would replace the administrative and technical contacts. A Whois Working Group, convened to examine some of the implementation details of the OPoC, published its report in August 2007. A public comment period on the report received submissions until October 30, 2007. ICANN members are likely to vote on the issue on October 31, 2007 during the Los Angeles ICANN meeting. ICANN's current policy requiring the publication of personal information violates the privacy rights of registrants and may violate international laws and the privacy rights in the UN's Universal Declaration of Human Rights. Both the Whois Task Force and the Whois Working Group agree that new mechanisms must be adopted to address an individual's right to privacy and the protection of his or her data. In its comments, EPIC pointed out that this issue has remained unresolved for seven years. While the OPoC proposal is not an ideal solution, the Working Group's report represented agreed in critical areas, on several key points that advance the Whois discussion within ICANN and provide clear guidance to the ICANN Board. EPIC suggested that if the proposal does not move forward, then the Board should sunset the Whois database. Thirty other groups and individuals endorsed EPIC's letter to the ICANN Board. ICANN Staff Overview of Recent WHOIS Activity: http://www.epic.org/redirect/gnso.html EPIC's Letter to ICANN (Oct. 30, 2007) (pdf): http://www.epic.org/privacy/whois/comments2.pdf EPIC's page on WHOIS: http://www.epic.org/privacy/whois/ Privacy and Human Rights 2006: http://www.epic.org/phr06 ======================================================================== [2] Groups Urge Zero Funding for REAL ID System ======================================================================== A number of organizations have joined to urge Congress against funding the REAL ID national identification system. Congress passed REAL ID without a hearing even though legislators in both parties urged debate. Sen. Daniel Akaka and Sen. John Sununu have both said that they believe REAL ID "places an unrealistic and unfunded burden on state governments and erodes Americans' civil liberties and privacy rights." In a letter, the groups said, "$50 million for REAL ID was appropriated in the House. In the Senate, however, an amendment offered by Sen. Alexander to add an additional $300 million was defeated by a bipartisan majority. Earlier efforts to expand REAL ID as part of the Comprehensive Immigration Reform bill were also rejected. We strongly urge the Conference Committee to accept the Senate's approach not to fund REAL ID." The groups also explained, "Furthermore, of the $40 million that has been appropriated for REAL ID implementation so far, $34 million remains unspent. [. . .] This year, New Hampshire returned its grant and passed a law barring REAL ID participation by the state. If an additional $50 million is appropriated, it is similarly likely to languish in Washington rather than going to states that need it to implement other desirable programs." There has been widespread public opposition to REAL ID. Seventeen states have passed legislation rejecting the national identification system. In May, 54 organizations representing trans-partisan, nonpartisan, privacy, consumer, civil liberty, civil rights, and immigrant organizations joined to launch a national campaign to solicit public comments to stop REAL ID. The Department of Homeland Security received more than 12,000 comments on its draft implementation regulations for the REAL ID Act, even though the comment process was marked with problems. EPIC and 24 other privacy and technology experts jointly submitted comments in May warning the federal agency not to go forward with the REAL ID proposal. The group urged DHS to recommend to Congress that REAL ID is unworkable and must be repealed. "The REAL ID Act creates an illegal de facto national identification system filled with threats to privacy, security and civil liberties that cannot be solved, no matter what the implementation plan set out by the regulations," the group said. Information on the Group Letter to Congress: http://realnightmare.org/ Text of the REAL ID Act (pdf): http://www.epic.org/privacy/id_cards/real_id_act.pdf Comments of EPIC and 24 Experts in Privacy and Technology (pdf): http://www.epic.org/privacy/id_cards/epic_realid_comments.pdf Stop REAL ID Campaign site: http://www.privacycoalition.org/stoprealid EPIC's Page on National ID Cards and REAL ID Act: http://www.epic.org/privacy/id_cards/ ======================================================================== [3] EPIC Urges Congress to Monitor Google-DoubleClick Review ======================================================================== In a letter to the Subcommittee on Financial Services and General Government of the U.S. House Committee on Appropriations, EPIC urged oversight of the Federal Trade Commission's review of the proposed Google-DoubleClick merger. The Subcommittee is responsible for the annual appropriation for the Federal Trade Commission. In recent complaints to the Federal Trade Commission, EPIC, the Center for Digital Democracy and US PIRG have detailed the reasons why the FTC needs to establish substantial privacy safeguards as a condition of the merger. The filings include proposals for a range of steps the Commission could take by means of a consent order to safeguard consumer privacy. In the October 26 letter to the Subcommittee, EPIC set out the privacy concerns arising from the proposed merger as well as the statements of various experts and Senator Herbert Kohl, Chairman of the Judiciary Committee's Subcommittee on Antitrust, Competition Policy & Consumer Rights, regarding the authority of the Commission to act in this matter. If the FTC fails to establish substantial privacy safeguards as a condition of the proposed Google-DoubleClick merger, "we believe there should be a comprehensive investigation of the factors that led to the FTC's decision," EPIC said. Also on October 26, Representative Ed Towns, member of the U.S. House Committee on Energy and Commerce, wrote to FTC Chairman Deborah Platt Majoras asking the Commission "to analyze the unique consumer protection issues raised by Google's proposed acquisition of DoubleClick." He urged the Commission to ask questions, including, "Could Google become so powerful that it no longer would be subject to market pressure to compete with respect to the quality of its privacy practices?" Rep. Towns said, "Section 5 of the FTC Act gives the Commission broad authority to address potential consumer harms, and I trust the Commission will use this authority to ensure that consumers' privacy interests are protected in connection with Google's proposed acquisition of DoubleClick." EPIC's Letter to the House Subcommittee on Financial Services and General Government (pdf): http://www.epic.org/privacy/ftc/google/hfin_102607.pdf Representative Towns's Letter to the Federal Trade Commission (pdf): http://www.epic.org/privacy/ftc/google/towns_102607.pdf U.S. House Subcommittee on Financial Services and General Government: http://appropriations.house.gov/Subcommittees/sub_fsdc.shtml EPIC's page on Privacy? Proposed Google/DoubleClick Deal: http://www.epic.org/privacy/ftc/google/ ======================================================================== [4] US Senate Committees Consider FISA Reform, Immunity ======================================================================== The FISA Amendments Act of 2008 (S. 2248) was approved by the US Senate Intelligence Committee and is now being considered by the US Senate Judiciary Committee. The Intelligence Committee released its report summarizing its findings and the legislation. In the report, the Intelligence Committee noted that acquiring documents necessary to studying the program was "more difficult than it should have been." The documents were only made available in October 2007. Intelligence Committee members concluded that FISA would have to be revised in order to target people abroad, that additional protections are needed for US persons, and that civil immunity should be afforded to companies that aided the warrantless surveillance program. The bill that the Committee presented reflected these findings. According to the FISA Amendments Act of 2008, immunity will be granted to providers who received a written request for the information stating that the program was authorized by the president and determined to be lawful. The Act will sunset in 6 years' time. An amendment to remove the immunity provisions failed by a vote of 3-12. Senators Wyden, Feingold and Nelson voted in favor of removing the immunity provision. The Judiciary Committee, by letter from Chairman Leahy and Ranking Member Specter, again requested White House documents pertinent to FISA reform. The Committee subpoenaed the documents earlier this summer, and had extended the response deadline to August 20, 2007, which was also not met. The White House conditioned the release of the documents on grants of immunity to telecommunications companies, a move that the Judiciary Committee letter calls unacceptable. The Judiciary Committee is scheduled to hold a hearing on FISA on October 31. Letter from Sen. Leahy and Ranking Member Specter, to the White House (Oct. 22, 2007): http://leahy.senate.gov/press/200710/102207b.html Senate Intelligence Committee Report (pdf): http://intelligence.senate.gov/071025/report.pdf EPIC's page on FISA: http://www.epic.org/privacy/terrorism/fisa/ ======================================================================== [5] Numbers Will Not Be Dropped From Do Not Call Registry ======================================================================== In testimony last week before the US House of Representatives' Subcommittee on Commerce, Trade, and Consumer Protection, the Federal Trade Commission committed "that it will not drop any telephone numbers from the Do Not Call Registry based on the five-year expiration period pending final Congressional or agency action on whether to make registration permanent." The Do Not Call Registry is a list created and maintained by the Federal Trade Commission of consumers who do not wish to be telephoned by commercial marketers. The Registry now contains more than 145 million phone numbers. When the Do Not Call Registry was developed in 2003, the Commission adopted a five-year re-registration mechanism and said that the list would be periodically purged of disconnected or reassigned numbers. This was done to ensure that the Registry was as accurate as possible, while not placing too great a burden on consumers to re-register their telephone numbers. However, for five years the Registry has successfully used a scrubbing program to purge disconnected and reassigned numbers each month. The increased use of cell phones and the popularity of telephone number portability also make the re-registration procedure less necessary than it may have been five years ago. According to the Commission, "the Registry has enjoyed unprecedented popularity and helped enhance the privacy of the American public in a tangible way." A study released in January 2006 showed that 94 percent of American adults have heard of the Registry and 76 percent have registered their phone numbers. Since the Registry has been in place, the Commission has initiated 27 cases alleging DNC violations, resulting in a total of $8.8 million in civil penalties and $8.6 million in consumer redress or disgorgement of ill-gotten gains. The largest penalty, $5.3 million, was paid by Satellite television subscription seller DirecTV in 2005. Most recently, the Broadcast Team agreed to pay a $1 million civil penalty, the second-largest penalty obtained in a Do Not Call case, for violations of the Telemarketing Sales Rule. Federal Trade Commission has also stated that despite claims made in e-mails circulating on the Internet, consumers should not be concerned that their cell phone numbers will be released to telemarketers in the near future, and that it is not necessary to register cell phone numbers on the National Do Not Call Registry to be protected from most telemarketing calls to cell phones. Federal Trade Commission Do Not Call Registry Testimony Summary (pdf): http://www.ftc.gov/opa/2007/10/dnctestimony.shtm Federal Trade Commission: The Truth About Cell Phones And The Do Not Call Registry: http://ftc.gov/opa/2007/10/dnccellphones.shtm EPIC's page on the Do Not Call Registry: http://www.epic.org/privacy/telemarketing/dnc/ ======================================================================== [6] News in Brief ======================================================================== Arizona Prosecutors Release Newspaper Executives, End Investigation Arizona prosecutors have dropped all charges against "Phoenix New Times" newspaper executives who were arrested after publishing a story about a grand jury investigation of the newspaper. The executives had detailed secret grand jury subpoenas demanding broad access to reporters' notes and information on people who visited the newspaper's website since 2004. Two prosecutors in the case are facing investigations by the State Bar Association after multiple complaints were filed concerning the "Phoenix New Times" case and another case. EPIC has historically sought to protect the privacy of news subscribers. In January, EPIC joined six civil liberties groups to submit a "friend of the court" brief in Forensic Advisors, Inc. v. Matrixx Initiatives, Inc. Pharmaceutical company Matrixx sought to force a newsletter publisher to disclose his subscriber list so that Matrixx could use it in connection with a lawsuit filed against unidentified people who posted derogatory comments about the company on Internet discussion boards. The brief argued that the subscriber list is protected under the First Amendment, since disclosure of the list would deter readership and violate constitutionally established privacy rights. January 2007 Amicus Brief Submitted by EPIC, et. al (pdf): http://www.epic.org/free_speech/forensic_amic0107.pdf Privacy International Files Toronto Transit CCTV Complaint Privacy International filed a complaint with the Ontario Information and Privacy Commissioner's Office regarding plans to deploy 12,000 cameras across Toronto's transportation network of buses, streetcars, and subways at a cost of $18 million. According to Privacy International, the Toronto Transit Commission has repeatedly argued that Closed Circuit Television (CCTV) acts as a deterrent despite international criminological evidence proving otherwise. In its complaint, Privacy International argues that the collection principles in the relevant legislation are not being sufficiently attended to in that the collection is not necessary, that the scheme is being deployed without consideration to privacy and associated protocols, and with insufficient consideration regarding access powers. Privacy International complaint (Oct. 24) (pdf): http://www.epic.org/redirect/PIComplaint.html EPIC's page on Video Surveillance: http://www.epic.org/privacy/surveillance/ EPIC's Spotlight on Surveillance: D.C.'s Camera System Should Focus on Emergencies, Not Daily Life (Dec. 2005): http://www.epic.org/privacy/surveillance/spotlight/1205/default.html EU Security Agency on Social Networking Risks, Recommendations The European Network and Information Security Agency (ENISA) has issued a position paper on Security Issues And Recommendations for Social Networks. The paper concludes that social networks are a clear benefit to society; however, the study warns of the danger that new face recognition or other new technologies pose in a world were there may be a false sense of intimacy created by social networks. The agency grouped security threats into 4 categories: privacy, traditional network, identity and social threats. The paper recommends government and corporate policy changes, technical and research recommendation, such as increasing transparency of data handling practices, and encouraging social networking education rather than the banning of social networking sites in schools. Security Issues and Recommendations for Online Social Networks (pdf): http://www.epic.org/redirect/enisa.html EPIC's page on Social Networking and Privacy: http://www.epic.org/privacy/socialnet/default.html National Health Committee Calls For Stronger HIPAA Privacy The National Committee On Vital And Health Statistics has submitted a draft report to the Secretary of the U.S. Department of Health and Human Services on the topic of "secondary uses" of electronically collected and transmitted health data. In its report, the Committee recommends extending the applicability of the federal rules that protect the privacy of individuals' medical records. Specifically, the report recommends that the Health Insurance Portability and Accountability Act of 1996 apply to all users of health data. Currently, HIPAA's coverage is limited to certain groups, primarily insurers and health care providers. The committee will receive public comments on the document in a telephone conference on October 31, 2007 and in written form until November 6, 2007. The Committee will then consider revisions, and will deliver final recommendations to Health and Human Services later this year. National Committee On Vital And Health Statistics Report to the Secretary of the U.S. Department of Health and Human Services on Enhanced Protections for Uses of Health Data: A Stewardship Framework for "Secondary Uses" of Electronically Collected and Transmitted Health Data (pdf): http://www.ncvhs.hhs.gov/071031lt.pdf National Committee on Vital and Health Statistics Call for Public Comments: http://www.ncvhs.hhs.gov/071031fr.htm EPIC's page on Medical Privacy: http://www.epic.org/privacy/medical/ ======================================================================== [7] EPIC Bookstore: "Privacy Law and Society" ======================================================================== "Privacy Law and Society" by Anita Allen (West Group 2007) http://www.powells.com/partner/24075/biblio/9780314163585 Professor Anita L. Allen and Henry R. Silverman have written a new privacy law textbook geared to American law schools. The textbook also has the advantage of being versatile enough to be used by instructors of a wide range of topics from undergraduate Constitutional Law to Personal Decision Making, Information Society, Surveillance Society, and Journalism and First Amendment. Professor Allen offers instructors who use the textbook additional resources in the form of model syllabi for courses and a Teacher's Manual. Selected case law illustrates the core privacy values enumerated in the torts of intrusion by physical or other means upon the seclusion of another; publication of the private life of another; breach of confidentiality; appropriation of the name or likeness of another; rights in a performance; and making public matters that cast another in a false light. In a discussion concerning reasonable expectations of privacy, the textbook asks: how much privacy should be expected for a person receiving medical care in their home versus a hospital; having photographs developed by a Wal-Mart photo shop; being credited with saving a President's life; being infected with HIV/AIDS; being incarcerated; being in public view; traveling by air; owning a firearm; being in a personal relationship; being at work, at play, or in a court; having with relatives with criminal backgrounds; having health records; attending a school; participating in a faith community; being under emotional distress… and the list goes on. However, according to the authors of the textbook the law does not establish a "walled-off" domain where privacy can reside because components of privacy are incorporated into every aspect of our lives. For example, while marriage is a private relationship, the government can require licenses and blood tests. The case for privacy is found in philosophical, sociological, and human rights works that chronicle the development of personal space, where people choose with whom they associate general and personal ways. These relationships are further broken down into levels of intimacy i.e. family, co-workers, classmates, associates, and acquaintances. These categories may be further defined as wife/husband, significant other, partner, children/stepchildren/adopted, parents/in-laws/grandparents, cousins, and aunts/uncles, etc. Whether you are looking for a great resource for an academic course on privacy law, a straightforward discussion of privacy from a real world context, or a good practitioner's desk reference on privacy law cases in the United States, I highly recommend this textbook. -- Lillie Coney ================================ EPIC Publications: "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "FOIA 2004: Litigation Under the Federal Open Government Laws," Harry Hammitt, David Sobel and Tiffany Stedman, editors (EPIC 2004). Price: $40. http://www.epic.org/bookstore/foia2004 This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 22nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/features/epic/epic.html ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https://mailman.epic.org/cgi-bin/control/foia_notes ======================================================================== [8] Upcoming Conferences and Events ======================================================================== Seattle Technology Law Conference. December 13-14, 2007. Seattle, WA. For more information: http://www.lawseminars.com/seminars/07COMWA.php ACI’s 7th National Symposium on Privacy & Security of Consumer and Employee Information. January 23-24, 2008. Philadelphia, PA. For more information: http://www.americanconference.com/privacy Computer Professionals for Social Responsibility: Technology in Wartime Conference. January 26, 2008. Stanford University. For more information: http://cpsr.org/news/compiler/2007/Compiler200707#twc Future of the Internet Economy - OECD Ministerial Meeting. June 14-18, 2008. Seoul, Korea. For more information: http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667 _1_1_1_37441,00.html ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================== Privacy Policy ======================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================== About EPIC ======================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================== Donate to EPIC ======================================================================== If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ------------------------- END EPIC Alert 14.22 ------------------------- .