EPIC logo

  
========================================================================
                            E P I C  A l e r t
========================================================================
Volume 14.24                                          November 28, 2007
------------------------------------------------------------------------

                             Published by the
                Electronic Privacy Information Center (EPIC)
                             Washington, D.C.
              http://www.epic.org/alert/EPIC_Alert_14.24.html


========================================================================
                            E P I C Job Announcement
========================================================================
 
         EPIC is seeking a smart, energetic, creative individual 
                      for the position of Staff Counsel

                          Deadline: Nov. 30, 2007

                        Click here for more details
            http://www.epic.org/epic/jobs/counsel_1007.html


========================================================================
Table of Contents
========================================================================
[1] UK Government Reveals Largest Data Breach in UK History
[2] EPIC Publishes 'Litigation Under the Federal Open Government Laws'
[3] US Homeland Security Backs Off No Match Plan
[4] Senators Urge Privacy Review of Proposed Google-DoubleClick Deal
[5] House, Key Senate Committee Reject Telecommunications Immunity
[6] News in Brief
[7] EPIC Bookstore: "Generation Digital"
[8] Upcoming Conferences and Events
    - Subscription Information
    - Privacy Policy
    - About EPIC
    - Donate to EPIC
	   http://www.epic.org/donate

========================================================================
[1] UK Government Reveals Largest Data Breach in UK History
========================================================================

Last week, the UK government announced the biggest loss of personal
information in the UK's history. Two unencrypted computer disks
containing the personal records of all families in the UK with a child
under the age of 16 went missing en route from the Revenue and Customs
department to the National Audit Office. UK's Information Commissioner,
Richard Thomas, stated that, "[t]his is an extremely serious and
disturbing security breach."

The disks comprised Revenue and Customs' entire collection child benefit
payment data. The disks were being sent to the National Audit Office
using an internal courier system, but documentation of the transmission
was not recorded or registered. The child benefit data listed on the
disks includes name, address, date of birth, National Insurance number
and, where relevant, bank details of 25 million people. Revenue and
Customs chairman Paul Gray resigned after the announcement of the
breach.

Simon Davies, of Privacy International, noted that the UK government did
not address the key threats arising from the breach. “The Chancellor's
words were carefully chosen, but they told us noting about the extent of
the security threat.” He stressed that “criminals need to have only a
basic level of information about an individual. They can then use
resources such as public records or the Internet to fill in gaps.”
Further, “there is also a significant risk that the amount of data may
be sufficient for criminals to guess passwords and pass phrases.”

According to Gartner Inc., UK banks could end up spending over $500
million to close and reopen millions of bank accounts and reissue debit
cards to affected customers. Government officials do not know whether
the data has been intercepted by a third party, but caution all affected
citizens to monitor their bank accounts for any suspicious activities.

As the result of over 300 telephone inquiries from the general public to
Privacy International since the government's announcement of the data
breach, the organization has decided to pursue legal action. The claim
will be made against the UK government directly on behalf of the
complainants and indirectly on behalf of all those people affected by
the unlawful disclosure from UK Revenue and Customs for a general (not
statute-based) breach of a duty of care on the basis of negligence.

In testimony to Westminster's Joint Commons and Lords Human Rights
Committee, data protection minister Michael Wills acknowledged that the
planned national UK identity card scheme and national identity register
will have to be reassessed in the wake of this latest government data
breach scandal. Since the announcement of the data breach, opponents to
the national ID card system have called on Prime Minister Brown to scrap
implementation plans. Instead of backing down on its plans, however, the
UK government has stated that it will re-evaluate the ID system and
“start afresh” with more checks and balances. The government says the
new system will hold only core identity information and biometrics, and
will not have any tax, benefit or other financial records stored.
Biometric and biographical information will also be stored in separate
databases. The government did not comment, however, on the need for the
collection and centralization of such vast stores of information in the
first place.

Privacy International Comments on UK Tax Agency Data Breach:

     http://www.epic.org/redirect/pi_breach1.html

Privacy International to pursue data breach legal action against UK
government:

     http://www.epic.org/redirect/pi_breach2.html

Privacy and Human Rights 2006:

     http://www.epic.org/phr06

EPIC's page on National ID and REAL ID:

     http://www.epic.org/privacy/id_cards/


========================================================================
[2] EPIC Publishes 'Litigation Under the Federal Open Government Laws'
========================================================================

"Litigation Under the Federal Open Government Laws," published by EPIC
in cooperation with Access Reports and the James Madison Project, is the
standard reference work covering all aspects of the Freedom of
Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act. The book draws upon the
expertise of practicing attorneys who are recognized experts in the
field. Appendices include the text of the relevant acts and sample
pleadings for litigators. This is a comprehensive guide to FOIA and open
government, essential for anyone interested in open access laws. The
twenty-third edition includes a new chapter on searching for records,
international open government resources, a glossary of key terms, and is
updated with new significant cases.

EPIC's FOIA manual "Deserves a place in the library of everyone who is
involved in, or thinking about, litigation under the Freedom of
Information Act," says Steve Aftergood, Director of the Project on
Government Secrecy at the Federation of American Scientists.

"The federal open government laws are critical to help ensure government
accountability particularly during times of increasing secrecy," said
Marc Rotenberg, EPIC Executive Director. "The new edition of EPIC's open
government manual has invaluable information for experienced
practitioners and first-time requesters."

"For anyone who has an interest in open government laws, and especially
those who file or litigate FOIA requests, this publication is an
essential tool to help facilitate success," said Mark S. Zaid, Esq.,
Executive Director of The James Madison Project.

"Litigation Under the Federal Open Government Laws" is available at:

     http://www.epic.org/bookstore/foia2006/

Access Reports: 
     
     http://www.accessreports.com

James Madison Project:

     http://www.jamesmadisonproject.org


========================================================================
[3] US Homeland Security Backs Off No Match Plan
========================================================================

A month after a federal judge issued a temporary restraining order
prohibiting the federal government from enforcing a new rule connected
to its employment eligibility verification system (now called
"E-Verify"), the Department of Homeland Security has dropped its attempt
to implement that rule. In papers filed on November 23, the government
requested the case be suspended until March 2008 while it issues a
revised rule.

U.S. District Judge Charles R. Breyer granted the motion and also
ordered the government to "file monthly reports to the Court on the
first day of each month from the date of this Order through March 1,
2008 updating the Court on the status of the additional rulemaking
proceedings" on the regulation at issue. The rule sought to require
employers to fire employees if they are unable to resolve "no match"
discrepancies within 90 days. In October, the judge had issued a
temporary restraining order prohibiting the government from implementing
the rule and from issuing 140,000 "no match" letters to employers, which
would affect about 8 million workers nationwide.

The Department of Homeland Security (DHS) had hoped to expand its
employment eligibility verification system, previously called "Basic
Pilot," to encompass 6 million employers and 143.6 million workers
nationwide. But Congress rejected such legislation this summer, so DHS
attempted to make changes through administrative regulation.

The AFL-CIO, ACLU, and National Immigration Law Center filed suit,
claiming DHS exceeded its authority and failed to comply with
requirements that they said would cause great harm to millions of
Americans. In granting the temporary restraining order in October, Judge
Breyer said, "It is the Court's view, as set forth below, that DHS has
failed to comply with these mandated requirements and, if allowed to
proceed, the mailing of no-match letters, accompanied by DHS's guidance
letter, would result in irreparable harm to innocent workers and
employers."

EPIC has repeatedly detailed the myriad of security and privacy problems
inherent in the E-Verify system. At a House Subcommittee on Social
Security hearing on June 7, EPIC urged the strengthening of privacy
safeguards associated with employment eligibility verification systems
and said existing agency database problems should be corrected before a
nationwide expansion is considered. Federal reviews have deemed the
system "seriously flawed in content and accuracy." For example, the
Social Security Administration database is estimated to include 18
million incorrect records. Judge Breyer noted in his October order that
"the government recognizes, the no-match letters are based on SSA
records that include numerous errors."

AFL-CIO v. Chertoff Page Including All Legal Documents:

     http://www.aclu.org/immigrants/workplace/31643res20070829.html

EPIC Spotlight on Surveillance About Problems in E-Verify: "E-Verify
System: DHS Changes Name, But Problems Remain for U.S. Workers" (July
2007):

     http://www.epic.org/privacy/surveillance/spotlight/0707/

EPIC's Testimony on Employment Verification Systems before the House
Committee on Ways and Means (June 6, 2007) (pdf):

     http://www.epic.org/privacy/ssn/eevs_test_060707.pdf

EPIC's Page on Social Security Numbers:

     http://www.epic.org/privacy/ssn/


========================================================================
[4] Senators Urge Privacy Review of Proposed Google-DoubleClick Deal
========================================================================

In a November 19 letter to the Federal Trade Commission, Senators Herb
Kohl and Orrin Hatch, Chairman and Ranking Member of the Senate
Judiciary Committee's Subcommittee on Antitrust, Competition Policy and
Consumer Rights, urged the FTC to critically analyze the privacy and
competition effects of Google's $3.1 billion proposed merger with
Internet advertising company DoubleClick. "[T]his deal raises
fundamental consumer privacy concerns worthy of serious scrutiny," the
senators wrote. The proposed merger is under review by the U.S. Federal
Trade Commission following complaints filed by EPIC, the Center for
Digital Democracy and US PIRG that detail the reasons why the FTC needs
to establish substantial privacy safeguards as a condition of the
merger.

Senators Kohl and Hatch previously highlighted the privacy risks in
September, when the Senate Judiciary Committee's Subcommittee on
Antitrust, Competition Policy and Consumer Rights held a hearing
entitled "An Examination of the Google-DoubleClick Merger and the Online
Advertising Industry: What Are the Risks for Competition and Privacy?"
"Some commentators believe that antitrust policymakers should not be
concerned with these fundamental issues of privacy, and merely be
content to limit their review to traditional questions of effects on
advertising rates. We disagree," Sen. Kohl said. "The antitrust laws
were written more than a century ago out of a concern with the effects
of undue concentrations of economic power for our society as a whole,
and not just merely their effects on consumers' pocketbooks. No one
concerned with antitrust policy should stand idly by if industry
consolidation jeopardizes the vital privacy interests of our citizens so
essential to our democracy."

At the same hearing, Sen. Hatch said, "I believe that Google's intent is
to act in a responsible manner with the information that it collects.
However, I also believe the American consumer must be made fully aware
of the fact that when they use search engines or click on
advertisements, whether it's a text or display ad, there's a strong
possibility that personal information is being collected and stored."
EPIC Executive Director Marc Rotenberg testified, detailing proposals
for a range of steps the Commission could take by means of a consent
order to safeguard consumer privacy.

There have been increasing calls for oversight of the FTC's
investigation into the proposed Google-DoubleClick merger. On November
7, a dozen Republican members of the House Subcommittee on Commerce,
Trade and Consumer Protection requested a hearing into the privacy
aspects of the proposed Google-DoubleClick merger. In a letter, the
members stated that the privacy implications of the merger "are
enormous" and that a hearing is needed to understand how consumers'
information is used and what can be done to better protect consumer
privacy.

On October 26, Representative Ed Towns, member of the U.S. House
Committee on Energy and Commerce, wrote to FTC Chairman Deborah Platt
Majoras asking the Commission "to analyze the unique consumer protection
issues raised by Google's proposed acquisition of DoubleClick." He urged
the Commission to ask questions, including, "Could Google become so
powerful that it no longer would be subject to market pressure to
compete with respect to the quality of its privacy practices?"

Also on October 26, in a letter to the Subcommittee on Financial
Services and General Government of the U.S. House Committee on
Appropriations, EPIC urged oversight of the Federal Trade Commission's
review of the proposed Google-DoubleClick merger. The Subcommittee is
responsible for the annual appropriation for the Federal Trade
Commission. EPIC set out the privacy concerns arising from the proposed
merger as well as the statements of various experts. If the FTC fails to
establish substantial privacy safeguards as a condition of the proposed
Google-DoubleClick merger, "we believe there should be a comprehensive
investigation of the factors that led to the FTC's decision," EPIC said.

The proposed merger is also under review in Europe. On November 13,
after completing its preliminary investigation, the European Commission
Directorate on Competition announced a four-month in-depth investigation
into the proposed merger. According to the Directorate, "[t]he
Commission will, in particular, investigate whether without this
transaction, DoubleClick would have grown into an effective competitor
of Google in the market for online ad intermediation. It will also
investigate whether the merger, which combines the leading providers of
respectively, on the one hand, online advertising space and
intermediation services, and, on the other hand, ad serving technology,
could lead to anti-competitive restrictions for competitors operating in
these markets and thus harm consumers."

Senators Herb Kohl and Orrin Hatch, Chairman and Ranking Member of the
Subcommittee on Antitrust, Competition Policy and Consumer Rights of the
Senate Judiciary Committee, Letter urging FTC to give "serious scrutiny"
to privacy and antitrust aspects of proposed Google-DoubleClick merger,
November 19, 2007 (pdf):

      http://www.epic.org/privacy/ftc/google/sen_anti_111907.pdf

Senate Judiciary Committee, "An Examination of the Google-DoubleClick
Merger and the Online Advertising Industry: What Are the Risks for
Competition and Privacy?":

      http://judiciary.senate.gov/hearing.cfm?id=2955

Twelve Republican Members of Congress, Letter Requesting a Hearing on
the Privacy Aspects of the Proposed Google/DoubleClick Merger (November
6, 2007) (pdf):

      http://www.epic.org/redirect/repub_ltr.html

Representative Ed Towns, Member of the U.S. House Committee on Energy
and Commerce, Letter to FTC Chairman Deborah Platt Majoras urging a
critical review of the proposed Google-DoubleClick merger, October 26,
2007 (pdf):

      http://www.epic.org/privacy/ftc/google/towns_102607.pdf

EPIC's Letter to the House Subcommittee on Financial Services and
General Government (October 26, 2007) (pdf):

      http://www.epic.org/privacy/ftc/google/hfin_102607.pdf

European Commission Directorate on Competition, Press Release, Mergers:
Commission opens in-depth investigation into Google's proposed take over
of DoubleClick (November 13, 2007):

      http://www.epic.org/redirect/ec_release2.html

EPIC's page on Privacy? Proposed Google/DoubleClick Deal:

      http://www.epic.org/privacy/ftc/google/


========================================================================
[5] House, Key Senate Committee Reject Telecommunications Immunity
========================================================================

Debates on amendments to the Foreign Intelligence Surveillance Act
(FISA) continued in the House and Senate. FISA establishes a separate
legal regime for "foreign intelligence" surveillance distinct from
ordinary law enforcement surveillance. FISA can also be used to obtain
some business records. FISA was amended this summer by the Protect
America Act (PAA) which expires in February of 2008. The PAA removes
some surveillance from the limited FISA court review, allows the
government to create more surveillance programs with limited review, and
immunizes from lawsuits telecommunications companies who participate in
these programs. A key issue in the reform is the inclusion of
retroactive immunity for telecommunications companies that participated
in the president's warrantless surveillance program.

The Senate Judiciary Committee recently passed a bill to replace the
PAA; the proposed bill does not include immunity. In explaining his
stance on immunity, Senate Judicary Committee Chairman Patrick Leahy
stated: "the retroactive immunity issue to me is not about fixing blame
on the companies but about holding government accountable. Passing a law
to whitewash the Administration's undermining of another law would be a
disservice to the American people and to the rule of law." The bill has
yet to be reconciled with a Senate Intelligence Committee bill, which
does provide immunity.

Meanwhile, the House of Representatives approved the RESTORE Act. The
RESTORE Act provides more avenues for FISA court review. The FISA court
will review the procedures used to target people abroad. Additionally,
the RESTORE Act narrows the scope of new surveillance authorities to
include only terrorism and national security, and not broader foreign
intelligence information. The RESTORE Act increases the size of the FISA
court from 11 to 15 judges; allows the court to sit together in an
en-banc review of individual judges; and authorizes more expenditures on
administration staff to handle surveillance applications Intelligence
officials must report their surveillance orders to Congress, as well as
perform regular audits every 3 months. Congress also requests an audit
of all warrantless surveillance programs. The new provisions of the
RESTORE Act are set to expire in December of 2009.

The President has vowed to veto any legislation that does not include
retroactive immunity for telecommunications companies.

RESTORE Act (H.R. 3773):

     http://thomas.loc.gov/cgi-bin/bdquery/z?d110:h.r.03773:

Leahy Statement on Judiciary Committee FISA Consideration:

     http://leahy.senate.gov/press/200711/111507c.html

EPIC's page on FISA:

     http://www.epic.org/privacy/terorrism/fisa/default.html


========================================================================
[6] News in Brief
========================================================================

Facebook to Collect, Distribute User Interactions With Third Party Sites

Social networking website Facebook.com recently introduced its
controversial "Beacon" feature. Facebook users who shop at third party
websites will have their purchases broadcast to their friends via
Facebook. Facebook receives this third party information and shares it
unless user opt-out during a brief pop-up window at the third party
site. Interest group MoveOn.org has started a campaign against this
feature. The MoveOn petition and Facebook group demand that Facebook
share user information only with explicit opt-in permission. Facebook
considered, but did not adopt, a blanket opt-out for the Beacon feature.

Facebook Beacon:

     http://www.facebook.com/business/?beacon

MoveOn Petition:

     http://civ.moveon.org/facebookprivacy/?rc=fb_front

EPIC's page on Social Networking Privacy:

     http://www.epic.org/privacy/socialnet/


Alert Voting Equipment Evaluations (NIST) Comments

The National Institute for Standards and Technology (NIST) is seeking
the participation of voting equipment manufacturers in Phase II of their
benchmark research for voting equipment certified or submitted for
certification to the 2005 Voluntary Voting System Guidelines.

A new federal voting system certification process was established by the
Help America Vote Act of 2002, and is intended to assure that electronic
voting systems used in federal public elections meet minimum
requirements established by the Election Assistance Commission (EAC). 
Only two of the eight voting systems submitted to the EAC have requested
certification under the 2005 Voluntary Voting System Guidelines. The
other systems are seeking approval under the quasi-federal 2002
guidelines developed as a collaboration between the National Association
of State Elections Directors and the Federal Election Commission.

The testing is limited to a review of the usability of voting systems. 
NIST is conducting research to identify realistic usability benchmarks
for current and future voting system technology, and develop usability
test protocols for conformance testing to voting technology usability
standards. Those companies with an interest in participating in the
project are invited by NIST to contact the agency by writing to NIST,
Building 222, Room A328, 100 Bureau Drive, Mail Stop 8970, Gaithersburg,
MD 2899-8970. Companies that volunteer their voting systems for
participation in the research project will have the machines returned in
one year. The agency has agreed to communicate to manufacturers all
usability problems identified by NIST's tests.

The Help America Vote Act (HAVA) established NIST as the technical
resource to assist the EAC with developing voting technology standards,
but to date the agency has not had the benefit of access to all voting
systems being used in federal public elections.

EPIC's page on Voting Privacy:

     http://www.epic.org/privacy/voting/

National Committee for Voting Integrity:

     http://votingintegrity.org/

Election Assistance Commission (EAC):

     http://www.eac.gov/

EAC Page on Systems under certification review:

     http://www.epic.org/redirect/eac.html

NIST Federal Register Announcement:

     http://www.epic.org/redirect/nist.html


Brazil Hosts Second Internet Governance Forum

The second annual meeting of the Internet Governance Forum took place in
Rio de Janeiro, Brazil on November 12-15. Over 2,100 government,
private, academic and civil society representatives participated in the
event, which featured seven main sessions and  five thematic panel
discussions built around the IGF themes of critical Internet resources,
access, diversity, openness and security. The entire meeting was webcast
and transcribed in real time. Remote participation occurred via blogs,
chat rooms, and email. In addition to the main sessions, 84
self-organized events were held, including meetings of each of the IGF
dynamic coalitions, workshops, best practices forums, and open forums.
The next IGF meeting will be held in New Delhi, India, on December 8-11,
2008.

Internet Governance Forum:

     http://www.intgovforum.org/

IGF Chairman's Summary (pdf):

     http://www.epic.org/redirect/igf.html
     
The Public Voice:

     http://www.thepublicvoice.org

IGF Dynamic Coalition on Privacy Wiki:

     http://wiki.igf-online.net/wiki/Privacy


Netflix Movie Ratings Database De-Anonymized

Two researchers have been able to re-identify a previously anonymized
database. Netflix, the online movie subscription service, released a
de-identifieid database of movie ratings for researchers. However, two
researchers were able to re-identify the database by comparing the
netflix ratings to those publicly available on the Intenet Movie
Database (IMDB) website.  EPIC has recently warned of privacy threat of
re-identified anonymous data in its amicus brief in IMS Health vs.
Ayotte.  EPIC wrote in support of a law that prohibits the sale or
transfer of prescription records that have had patient name removed, but
maintain prescriber, or physician identities.

Breaking the Netflix Prize Dataset:

     http://arxivblog.com/?p=142

EPIC's page on IMS Health vs. Ayotte:

     http://www.epic.org/privacy/imshealth/


Head of Greece's Privacy Agency Resigns Over Camera Surveillance of
Protests

The head of Greece's privacy watchdog resigned over the government's use
of traffic cameras to monitor demonstrations, raising the stakes in a
heated dispute over civil liberties. Dimitris Gourgourakis said police
"directly breached" his powerful Data Protection Authority's regulations
by using closed-circuit cameras for surveillance at a central Athens
protest, despite a ban. "I believe this constitutes a blow to the
authority's independence," said Gourgourakis, a former senior judge. The
authority's deputy head and another two members also stepped down in
protest.

The cameras were originally installed for the country's hosting of the
2004 Athens Olympic Games. About 350 cameras were positioned on busy
thoroughfares and public squares as part of a $1.47 billion Olympic
security program. After the conclusion of the Olympics, Greek police
issued several requests for continued broad use of the cameras.  The
Data Protection Authority has allowed the cameras to remain functional
for traffic monitoring only, and has published strict guidelines to be
followed for this purpose.

Hellenic Data Protection Authority:

     http://www.dpa.gr/home_eng.htm

Privacy and Human Rights 2006:

     http://www.epic.org/phr06

EPIC's page on Video Surveillance:

     http://www.epic.org/privacy/surveillance


========================================================================
[7] EPIC Bookstore: "Generation Digital"
========================================================================

Generation Digital: Politics, Commerce and Childhood in the Age of the
Internet by Kathryn C. Montgomery (MIT Press 2007)

     http://www.powells.com/partner/24075/biblio/9780262134781

In her recent publication, “Generation Digital,” Kathryn Montgomery,
Professor in the Public Communication Division, School of Communication,
at American University, examines the influence that new media technology
and the first generation of fully-integrated “digital youth” exert on
one another. Montgomery traces the evolution of marketing from its
humble demographic tailoring of early television programming and
advertising to today's sophisticated “one-to-one” relationship-building
spaces, or “branded environments,” on the Internet in a fascinating
study of the advertising industry's most coveted commodity: personal
information.

The chronology traces several major legal and political battles over
children's media and privacy issues throughout the 1980s and 90s,
including debates over the Communications Decency Act, the controversy
over the “V-chip,” and the challenge of setting an age range for
Internet safeguards contained in COPPA legislation. Seen as a
particularly vulnerable online group, children became the focus of
regulators, and their online activities became the testing ground for
Internet access regulation and privacy protections.

In searching to find their own identities, online youth have defined and
shaped new media spaces. The online medium has allowed children to
explore new social spaces and experiences free of face-to-face pressures
and inhibitions. Teens learn simultaneously to manage complex online
relationships and the technology itself, placing this demographic group
at the forefront of cultural and technological evolution. As stated by
Montgomery, “It's not about teens, it is teens.”

By detailing the history and development of surveillance infrastructure
largely created by corporations in the marketing industry and mainly
targeted at young consumers, Montgomery provides a richly documented
case for the need for “national and international conversation, informed
by research, on how digital technologies can best serve the needs of
children and youth.” Montgomery's balanced and thoughtful analyses form
an excellent basis for such discussions, and her book is an invaluable
addition to the scholarship in this rapidly evolving field.

-- Allison Knight


================================


EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2006: Litigation Under the Federal Open Government Laws," Harry
A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors
(EPIC 2007). Price: $50. http://www.epic.org/bookstore/foia2006

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 23nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

Internet Identity Workshop. Mountain View, CA. December 3-5, 2007. For
more information http://www.windley.com/events/iiw2007b/register.shtml

Yale Law School Conference: Reputation Economies in Cyberspace. New
Haven, CT. December 8, 2007. For more information
https://wems.worldtek.com/RepEcon

Seattle Technology Law Conference. December 13-14, 2007. Seattle, WA.
For more information: http://www.lawseminars.com/seminars/07COMWA.php

US Department of Homeland Security Privacy Office Public Workshop: CCTV
- Developing Privacy Best Practices. Arlington, VA. December 17-18,
2007. For more information, email privacyworkshop@dhs.gov

ACI’s 7th National Symposium on Privacy & Security of Consumer and
Employee Information.  January 23-24, 2008.  Philadelphia, PA.  For more
information: http://www.americanconference.com/privacy

Computer Professionals for Social Responsibility: Technology in Wartime
Conference. January 26, 2008. Stanford University. For more
information: http://cpsr.org/news/compiler/2007/Compiler200707#twc

Future of the Internet Economy - OECD Ministerial Meeting. June 14-18,
2008. Seoul, Korea. For more information:
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667
_1_1_1_37441,00.html

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

========================================================================
Donate to EPIC
========================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:

http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 14.22 -------------------------

.