======================================================================== E P I C A l e r t ======================================================================== Volume 14.24 November 28, 2007 ------------------------------------------------------------------------ Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. http://www.epic.org/alert/EPIC_Alert_14.24.html ======================================================================== E P I C Job Announcement ======================================================================== EPIC is seeking a smart, energetic, creative individual for the position of Staff Counsel Deadline: Nov. 30, 2007 Click here for more details http://www.epic.org/epic/jobs/counsel_1007.html ======================================================================== Table of Contents ======================================================================== [1] UK Government Reveals Largest Data Breach in UK History [2] EPIC Publishes 'Litigation Under the Federal Open Government Laws' [3] US Homeland Security Backs Off No Match Plan [4] Senators Urge Privacy Review of Proposed Google-DoubleClick Deal [5] House, Key Senate Committee Reject Telecommunications Immunity [6] News in Brief [7] EPIC Bookstore: "Generation Digital" [8] Upcoming Conferences and Events - Subscription Information - Privacy Policy - About EPIC - Donate to EPIC http://www.epic.org/donate ======================================================================== [1] UK Government Reveals Largest Data Breach in UK History ======================================================================== Last week, the UK government announced the biggest loss of personal information in the UK's history. Two unencrypted computer disks containing the personal records of all families in the UK with a child under the age of 16 went missing en route from the Revenue and Customs department to the National Audit Office. UK's Information Commissioner, Richard Thomas, stated that, "[t]his is an extremely serious and disturbing security breach." The disks comprised Revenue and Customs' entire collection child benefit payment data. The disks were being sent to the National Audit Office using an internal courier system, but documentation of the transmission was not recorded or registered. The child benefit data listed on the disks includes name, address, date of birth, National Insurance number and, where relevant, bank details of 25 million people. Revenue and Customs chairman Paul Gray resigned after the announcement of the breach. Simon Davies, of Privacy International, noted that the UK government did not address the key threats arising from the breach. “The Chancellor's words were carefully chosen, but they told us noting about the extent of the security threat.” He stressed that “criminals need to have only a basic level of information about an individual. They can then use resources such as public records or the Internet to fill in gaps.” Further, “there is also a significant risk that the amount of data may be sufficient for criminals to guess passwords and pass phrases.” According to Gartner Inc., UK banks could end up spending over $500 million to close and reopen millions of bank accounts and reissue debit cards to affected customers. Government officials do not know whether the data has been intercepted by a third party, but caution all affected citizens to monitor their bank accounts for any suspicious activities. As the result of over 300 telephone inquiries from the general public to Privacy International since the government's announcement of the data breach, the organization has decided to pursue legal action. The claim will be made against the UK government directly on behalf of the complainants and indirectly on behalf of all those people affected by the unlawful disclosure from UK Revenue and Customs for a general (not statute-based) breach of a duty of care on the basis of negligence. In testimony to Westminster's Joint Commons and Lords Human Rights Committee, data protection minister Michael Wills acknowledged that the planned national UK identity card scheme and national identity register will have to be reassessed in the wake of this latest government data breach scandal. Since the announcement of the data breach, opponents to the national ID card system have called on Prime Minister Brown to scrap implementation plans. Instead of backing down on its plans, however, the UK government has stated that it will re-evaluate the ID system and “start afresh” with more checks and balances. The government says the new system will hold only core identity information and biometrics, and will not have any tax, benefit or other financial records stored. Biometric and biographical information will also be stored in separate databases. The government did not comment, however, on the need for the collection and centralization of such vast stores of information in the first place. Privacy International Comments on UK Tax Agency Data Breach: http://www.epic.org/redirect/pi_breach1.html Privacy International to pursue data breach legal action against UK government: http://www.epic.org/redirect/pi_breach2.html Privacy and Human Rights 2006: http://www.epic.org/phr06 EPIC's page on National ID and REAL ID: http://www.epic.org/privacy/id_cards/ ======================================================================== [2] EPIC Publishes 'Litigation Under the Federal Open Government Laws' ======================================================================== "Litigation Under the Federal Open Government Laws," published by EPIC in cooperation with Access Reports and the James Madison Project, is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The book draws upon the expertise of practicing attorneys who are recognized experts in the field. Appendices include the text of the relevant acts and sample pleadings for litigators. This is a comprehensive guide to FOIA and open government, essential for anyone interested in open access laws. The twenty-third edition includes a new chapter on searching for records, international open government resources, a glossary of key terms, and is updated with new significant cases. EPIC's FOIA manual "Deserves a place in the library of everyone who is involved in, or thinking about, litigation under the Freedom of Information Act," says Steve Aftergood, Director of the Project on Government Secrecy at the Federation of American Scientists. "The federal open government laws are critical to help ensure government accountability particularly during times of increasing secrecy," said Marc Rotenberg, EPIC Executive Director. "The new edition of EPIC's open government manual has invaluable information for experienced practitioners and first-time requesters." "For anyone who has an interest in open government laws, and especially those who file or litigate FOIA requests, this publication is an essential tool to help facilitate success," said Mark S. Zaid, Esq., Executive Director of The James Madison Project. "Litigation Under the Federal Open Government Laws" is available at: http://www.epic.org/bookstore/foia2006/ Access Reports: http://www.accessreports.com James Madison Project: http://www.jamesmadisonproject.org ======================================================================== [3] US Homeland Security Backs Off No Match Plan ======================================================================== A month after a federal judge issued a temporary restraining order prohibiting the federal government from enforcing a new rule connected to its employment eligibility verification system (now called "E-Verify"), the Department of Homeland Security has dropped its attempt to implement that rule. In papers filed on November 23, the government requested the case be suspended until March 2008 while it issues a revised rule. U.S. District Judge Charles R. Breyer granted the motion and also ordered the government to "file monthly reports to the Court on the first day of each month from the date of this Order through March 1, 2008 updating the Court on the status of the additional rulemaking proceedings" on the regulation at issue. The rule sought to require employers to fire employees if they are unable to resolve "no match" discrepancies within 90 days. In October, the judge had issued a temporary restraining order prohibiting the government from implementing the rule and from issuing 140,000 "no match" letters to employers, which would affect about 8 million workers nationwide. The Department of Homeland Security (DHS) had hoped to expand its employment eligibility verification system, previously called "Basic Pilot," to encompass 6 million employers and 143.6 million workers nationwide. But Congress rejected such legislation this summer, so DHS attempted to make changes through administrative regulation. The AFL-CIO, ACLU, and National Immigration Law Center filed suit, claiming DHS exceeded its authority and failed to comply with requirements that they said would cause great harm to millions of Americans. In granting the temporary restraining order in October, Judge Breyer said, "It is the Court's view, as set forth below, that DHS has failed to comply with these mandated requirements and, if allowed to proceed, the mailing of no-match letters, accompanied by DHS's guidance letter, would result in irreparable harm to innocent workers and employers." EPIC has repeatedly detailed the myriad of security and privacy problems inherent in the E-Verify system. At a House Subcommittee on Social Security hearing on June 7, EPIC urged the strengthening of privacy safeguards associated with employment eligibility verification systems and said existing agency database problems should be corrected before a nationwide expansion is considered. Federal reviews have deemed the system "seriously flawed in content and accuracy." For example, the Social Security Administration database is estimated to include 18 million incorrect records. Judge Breyer noted in his October order that "the government recognizes, the no-match letters are based on SSA records that include numerous errors." AFL-CIO v. Chertoff Page Including All Legal Documents: http://www.aclu.org/immigrants/workplace/31643res20070829.html EPIC Spotlight on Surveillance About Problems in E-Verify: "E-Verify System: DHS Changes Name, But Problems Remain for U.S. Workers" (July 2007): http://www.epic.org/privacy/surveillance/spotlight/0707/ EPIC's Testimony on Employment Verification Systems before the House Committee on Ways and Means (June 6, 2007) (pdf): http://www.epic.org/privacy/ssn/eevs_test_060707.pdf EPIC's Page on Social Security Numbers: http://www.epic.org/privacy/ssn/ ======================================================================== [4] Senators Urge Privacy Review of Proposed Google-DoubleClick Deal ======================================================================== In a November 19 letter to the Federal Trade Commission, Senators Herb Kohl and Orrin Hatch, Chairman and Ranking Member of the Senate Judiciary Committee's Subcommittee on Antitrust, Competition Policy and Consumer Rights, urged the FTC to critically analyze the privacy and competition effects of Google's $3.1 billion proposed merger with Internet advertising company DoubleClick. "[T]his deal raises fundamental consumer privacy concerns worthy of serious scrutiny," the senators wrote. The proposed merger is under review by the U.S. Federal Trade Commission following complaints filed by EPIC, the Center for Digital Democracy and US PIRG that detail the reasons why the FTC needs to establish substantial privacy safeguards as a condition of the merger. Senators Kohl and Hatch previously highlighted the privacy risks in September, when the Senate Judiciary Committee's Subcommittee on Antitrust, Competition Policy and Consumer Rights held a hearing entitled "An Examination of the Google-DoubleClick Merger and the Online Advertising Industry: What Are the Risks for Competition and Privacy?" "Some commentators believe that antitrust policymakers should not be concerned with these fundamental issues of privacy, and merely be content to limit their review to traditional questions of effects on advertising rates. We disagree," Sen. Kohl said. "The antitrust laws were written more than a century ago out of a concern with the effects of undue concentrations of economic power for our society as a whole, and not just merely their effects on consumers' pocketbooks. No one concerned with antitrust policy should stand idly by if industry consolidation jeopardizes the vital privacy interests of our citizens so essential to our democracy." At the same hearing, Sen. Hatch said, "I believe that Google's intent is to act in a responsible manner with the information that it collects. However, I also believe the American consumer must be made fully aware of the fact that when they use search engines or click on advertisements, whether it's a text or display ad, there's a strong possibility that personal information is being collected and stored." EPIC Executive Director Marc Rotenberg testified, detailing proposals for a range of steps the Commission could take by means of a consent order to safeguard consumer privacy. There have been increasing calls for oversight of the FTC's investigation into the proposed Google-DoubleClick merger. On November 7, a dozen Republican members of the House Subcommittee on Commerce, Trade and Consumer Protection requested a hearing into the privacy aspects of the proposed Google-DoubleClick merger. In a letter, the members stated that the privacy implications of the merger "are enormous" and that a hearing is needed to understand how consumers' information is used and what can be done to better protect consumer privacy. On October 26, Representative Ed Towns, member of the U.S. House Committee on Energy and Commerce, wrote to FTC Chairman Deborah Platt Majoras asking the Commission "to analyze the unique consumer protection issues raised by Google's proposed acquisition of DoubleClick." He urged the Commission to ask questions, including, "Could Google become so powerful that it no longer would be subject to market pressure to compete with respect to the quality of its privacy practices?" Also on October 26, in a letter to the Subcommittee on Financial Services and General Government of the U.S. House Committee on Appropriations, EPIC urged oversight of the Federal Trade Commission's review of the proposed Google-DoubleClick merger. The Subcommittee is responsible for the annual appropriation for the Federal Trade Commission. EPIC set out the privacy concerns arising from the proposed merger as well as the statements of various experts. If the FTC fails to establish substantial privacy safeguards as a condition of the proposed Google-DoubleClick merger, "we believe there should be a comprehensive investigation of the factors that led to the FTC's decision," EPIC said. The proposed merger is also under review in Europe. On November 13, after completing its preliminary investigation, the European Commission Directorate on Competition announced a four-month in-depth investigation into the proposed merger. According to the Directorate, "[t]he Commission will, in particular, investigate whether without this transaction, DoubleClick would have grown into an effective competitor of Google in the market for online ad intermediation. It will also investigate whether the merger, which combines the leading providers of respectively, on the one hand, online advertising space and intermediation services, and, on the other hand, ad serving technology, could lead to anti-competitive restrictions for competitors operating in these markets and thus harm consumers." Senators Herb Kohl and Orrin Hatch, Chairman and Ranking Member of the Subcommittee on Antitrust, Competition Policy and Consumer Rights of the Senate Judiciary Committee, Letter urging FTC to give "serious scrutiny" to privacy and antitrust aspects of proposed Google-DoubleClick merger, November 19, 2007 (pdf): http://www.epic.org/privacy/ftc/google/sen_anti_111907.pdf Senate Judiciary Committee, "An Examination of the Google-DoubleClick Merger and the Online Advertising Industry: What Are the Risks for Competition and Privacy?": http://judiciary.senate.gov/hearing.cfm?id=2955 Twelve Republican Members of Congress, Letter Requesting a Hearing on the Privacy Aspects of the Proposed Google/DoubleClick Merger (November 6, 2007) (pdf): http://www.epic.org/redirect/repub_ltr.html Representative Ed Towns, Member of the U.S. House Committee on Energy and Commerce, Letter to FTC Chairman Deborah Platt Majoras urging a critical review of the proposed Google-DoubleClick merger, October 26, 2007 (pdf): http://www.epic.org/privacy/ftc/google/towns_102607.pdf EPIC's Letter to the House Subcommittee on Financial Services and General Government (October 26, 2007) (pdf): http://www.epic.org/privacy/ftc/google/hfin_102607.pdf European Commission Directorate on Competition, Press Release, Mergers: Commission opens in-depth investigation into Google's proposed take over of DoubleClick (November 13, 2007): http://www.epic.org/redirect/ec_release2.html EPIC's page on Privacy? Proposed Google/DoubleClick Deal: http://www.epic.org/privacy/ftc/google/ ======================================================================== [5] House, Key Senate Committee Reject Telecommunications Immunity ======================================================================== Debates on amendments to the Foreign Intelligence Surveillance Act (FISA) continued in the House and Senate. FISA establishes a separate legal regime for "foreign intelligence" surveillance distinct from ordinary law enforcement surveillance. FISA can also be used to obtain some business records. FISA was amended this summer by the Protect America Act (PAA) which expires in February of 2008. The PAA removes some surveillance from the limited FISA court review, allows the government to create more surveillance programs with limited review, and immunizes from lawsuits telecommunications companies who participate in these programs. A key issue in the reform is the inclusion of retroactive immunity for telecommunications companies that participated in the president's warrantless surveillance program. The Senate Judiciary Committee recently passed a bill to replace the PAA; the proposed bill does not include immunity. In explaining his stance on immunity, Senate Judicary Committee Chairman Patrick Leahy stated: "the retroactive immunity issue to me is not about fixing blame on the companies but about holding government accountable. Passing a law to whitewash the Administration's undermining of another law would be a disservice to the American people and to the rule of law." The bill has yet to be reconciled with a Senate Intelligence Committee bill, which does provide immunity. Meanwhile, the House of Representatives approved the RESTORE Act. The RESTORE Act provides more avenues for FISA court review. The FISA court will review the procedures used to target people abroad. Additionally, the RESTORE Act narrows the scope of new surveillance authorities to include only terrorism and national security, and not broader foreign intelligence information. The RESTORE Act increases the size of the FISA court from 11 to 15 judges; allows the court to sit together in an en-banc review of individual judges; and authorizes more expenditures on administration staff to handle surveillance applications Intelligence officials must report their surveillance orders to Congress, as well as perform regular audits every 3 months. Congress also requests an audit of all warrantless surveillance programs. The new provisions of the RESTORE Act are set to expire in December of 2009. The President has vowed to veto any legislation that does not include retroactive immunity for telecommunications companies. RESTORE Act (H.R. 3773): http://thomas.loc.gov/cgi-bin/bdquery/z?d110:h.r.03773: Leahy Statement on Judiciary Committee FISA Consideration: http://leahy.senate.gov/press/200711/111507c.html EPIC's page on FISA: http://www.epic.org/privacy/terorrism/fisa/default.html ======================================================================== [6] News in Brief ======================================================================== Facebook to Collect, Distribute User Interactions With Third Party Sites Social networking website Facebook.com recently introduced its controversial "Beacon" feature. Facebook users who shop at third party websites will have their purchases broadcast to their friends via Facebook. Facebook receives this third party information and shares it unless user opt-out during a brief pop-up window at the third party site. Interest group MoveOn.org has started a campaign against this feature. The MoveOn petition and Facebook group demand that Facebook share user information only with explicit opt-in permission. Facebook considered, but did not adopt, a blanket opt-out for the Beacon feature. Facebook Beacon: http://www.facebook.com/business/?beacon MoveOn Petition: http://civ.moveon.org/facebookprivacy/?rc=fb_front EPIC's page on Social Networking Privacy: http://www.epic.org/privacy/socialnet/ Alert Voting Equipment Evaluations (NIST) Comments The National Institute for Standards and Technology (NIST) is seeking the participation of voting equipment manufacturers in Phase II of their benchmark research for voting equipment certified or submitted for certification to the 2005 Voluntary Voting System Guidelines. A new federal voting system certification process was established by the Help America Vote Act of 2002, and is intended to assure that electronic voting systems used in federal public elections meet minimum requirements established by the Election Assistance Commission (EAC). Only two of the eight voting systems submitted to the EAC have requested certification under the 2005 Voluntary Voting System Guidelines. The other systems are seeking approval under the quasi-federal 2002 guidelines developed as a collaboration between the National Association of State Elections Directors and the Federal Election Commission. The testing is limited to a review of the usability of voting systems. NIST is conducting research to identify realistic usability benchmarks for current and future voting system technology, and develop usability test protocols for conformance testing to voting technology usability standards. Those companies with an interest in participating in the project are invited by NIST to contact the agency by writing to NIST, Building 222, Room A328, 100 Bureau Drive, Mail Stop 8970, Gaithersburg, MD 2899-8970. Companies that volunteer their voting systems for participation in the research project will have the machines returned in one year. The agency has agreed to communicate to manufacturers all usability problems identified by NIST's tests. The Help America Vote Act (HAVA) established NIST as the technical resource to assist the EAC with developing voting technology standards, but to date the agency has not had the benefit of access to all voting systems being used in federal public elections. EPIC's page on Voting Privacy: http://www.epic.org/privacy/voting/ National Committee for Voting Integrity: http://votingintegrity.org/ Election Assistance Commission (EAC): http://www.eac.gov/ EAC Page on Systems under certification review: http://www.epic.org/redirect/eac.html NIST Federal Register Announcement: http://www.epic.org/redirect/nist.html Brazil Hosts Second Internet Governance Forum The second annual meeting of the Internet Governance Forum took place in Rio de Janeiro, Brazil on November 12-15. Over 2,100 government, private, academic and civil society representatives participated in the event, which featured seven main sessions and five thematic panel discussions built around the IGF themes of critical Internet resources, access, diversity, openness and security. The entire meeting was webcast and transcribed in real time. Remote participation occurred via blogs, chat rooms, and email. In addition to the main sessions, 84 self-organized events were held, including meetings of each of the IGF dynamic coalitions, workshops, best practices forums, and open forums. The next IGF meeting will be held in New Delhi, India, on December 8-11, 2008. Internet Governance Forum: http://www.intgovforum.org/ IGF Chairman's Summary (pdf): http://www.epic.org/redirect/igf.html The Public Voice: http://www.thepublicvoice.org IGF Dynamic Coalition on Privacy Wiki: http://wiki.igf-online.net/wiki/Privacy Netflix Movie Ratings Database De-Anonymized Two researchers have been able to re-identify a previously anonymized database. Netflix, the online movie subscription service, released a de-identifieid database of movie ratings for researchers. However, two researchers were able to re-identify the database by comparing the netflix ratings to those publicly available on the Intenet Movie Database (IMDB) website. EPIC has recently warned of privacy threat of re-identified anonymous data in its amicus brief in IMS Health vs. Ayotte. EPIC wrote in support of a law that prohibits the sale or transfer of prescription records that have had patient name removed, but maintain prescriber, or physician identities. Breaking the Netflix Prize Dataset: http://arxivblog.com/?p=142 EPIC's page on IMS Health vs. Ayotte: http://www.epic.org/privacy/imshealth/ Head of Greece's Privacy Agency Resigns Over Camera Surveillance of Protests The head of Greece's privacy watchdog resigned over the government's use of traffic cameras to monitor demonstrations, raising the stakes in a heated dispute over civil liberties. Dimitris Gourgourakis said police "directly breached" his powerful Data Protection Authority's regulations by using closed-circuit cameras for surveillance at a central Athens protest, despite a ban. "I believe this constitutes a blow to the authority's independence," said Gourgourakis, a former senior judge. The authority's deputy head and another two members also stepped down in protest. The cameras were originally installed for the country's hosting of the 2004 Athens Olympic Games. About 350 cameras were positioned on busy thoroughfares and public squares as part of a $1.47 billion Olympic security program. After the conclusion of the Olympics, Greek police issued several requests for continued broad use of the cameras. The Data Protection Authority has allowed the cameras to remain functional for traffic monitoring only, and has published strict guidelines to be followed for this purpose. Hellenic Data Protection Authority: http://www.dpa.gr/home_eng.htm Privacy and Human Rights 2006: http://www.epic.org/phr06 EPIC's page on Video Surveillance: http://www.epic.org/privacy/surveillance ======================================================================== [7] EPIC Bookstore: "Generation Digital" ======================================================================== Generation Digital: Politics, Commerce and Childhood in the Age of the Internet by Kathryn C. Montgomery (MIT Press 2007) http://www.powells.com/partner/24075/biblio/9780262134781 In her recent publication, “Generation Digital,” Kathryn Montgomery, Professor in the Public Communication Division, School of Communication, at American University, examines the influence that new media technology and the first generation of fully-integrated “digital youth” exert on one another. Montgomery traces the evolution of marketing from its humble demographic tailoring of early television programming and advertising to today's sophisticated “one-to-one” relationship-building spaces, or “branded environments,” on the Internet in a fascinating study of the advertising industry's most coveted commodity: personal information. The chronology traces several major legal and political battles over children's media and privacy issues throughout the 1980s and 90s, including debates over the Communications Decency Act, the controversy over the “V-chip,” and the challenge of setting an age range for Internet safeguards contained in COPPA legislation. Seen as a particularly vulnerable online group, children became the focus of regulators, and their online activities became the testing ground for Internet access regulation and privacy protections. In searching to find their own identities, online youth have defined and shaped new media spaces. The online medium has allowed children to explore new social spaces and experiences free of face-to-face pressures and inhibitions. Teens learn simultaneously to manage complex online relationships and the technology itself, placing this demographic group at the forefront of cultural and technological evolution. As stated by Montgomery, “It's not about teens, it is teens.” By detailing the history and development of surveillance infrastructure largely created by corporations in the marketing industry and mainly targeted at young consumers, Montgomery provides a richly documented case for the need for “national and international conversation, informed by research, on how digital technologies can best serve the needs of children and youth.” Montgomery's balanced and thoughtful analyses form an excellent basis for such discussions, and her book is an invaluable addition to the scholarship in this rapidly evolving field. -- Allison Knight ================================ EPIC Publications: "Information Privacy Law: Cases and Materials, Second Edition" Daniel J. Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98. http://www.epic.org/redirect/aspen_ipl_casebook.html This clear, comprehensive introduction to the field of information privacy law allows instructors to enliven their teaching of fundamental concepts by addressing both enduring and emerging controversies. The Second Edition addresses numerous rapidly developing areas of privacy law, including: identity theft, government data mining and electronic surveillance law, the Foreign Intelligence Surveillance Act, intelligence sharing, RFID tags, GPS, spyware, web bugs, and more. Information Privacy Law, Second Edition, builds a cohesive foundation for an exciting course in this rapidly evolving area of law. ================================ "Privacy & Human Rights 2006: An International Survey of Privacy Laws and Developments" (EPIC 2007). Price: $75. http://www.epic.org/phr06/ This annual report by EPIC and Privacy International provides an overview of key privacy topics and reviews the state of privacy in over 75 countries around the world. The report outlines legal protections, new challenges, and important issues and events relating to privacy. Privacy & Human Rights 2006 is the most comprehensive report on privacy and data protection ever published. ================================ "FOIA 2006: Litigation Under the Federal Open Government Laws," Harry A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors (EPIC 2007). Price: $50. http://www.epic.org/bookstore/foia2006 This is the standard reference work covering all aspects of the Freedom of Information Act, the Privacy Act, the Government in the Sunshine Act, and the Federal Advisory Committee Act. The 23nd edition fully updates the manual that lawyers, journalists and researchers have relied on for more than 25 years. For those who litigate open government cases (or need to learn how to litigate them), this is an essential reference manual. ================================ "The Public Voice WSIS Sourcebook: Perspectives on the World Summit on the Information Society" (EPIC 2004). Price: $40. http://www.epic.org/bookstore/pvsourcebook This resource promotes a dialogue on the issues, the outcomes, and the process of the World Summit on the Information Society (WSIS). This reference guide provides the official UN documents, regional and issue-oriented perspectives, and recommendations and proposals for future action, as well as a useful list of resources and contacts for individuals and organizations that wish to become more involved in the WSIS process. ================================ "The Privacy Law Sourcebook 2004: United States Law, International Law, and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price: $40. http://www.epic.org/bookstore/pls2004/ The Privacy Law Sourcebook, which has been called the "Physician's Desk Reference" of the privacy world, is the leading resource for students, attorneys, researchers, and journalists interested in pursuing privacy law in the United States and around the world. It includes the full texts of major privacy laws and directives such as the Fair Credit Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well as an up-to-date section on recent developments. New materials include the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the CAN-SPAM Act. ================================ "Filters and Freedom 2.0: Free Speech Perspectives on Internet Content Controls" (EPIC 2001). Price: $20. http://www.epic.org/bookstore/filters2.0 A collection of essays, studies, and critiques of Internet content filtering. These papers are instrumental in explaining why filtering threatens free expression. ================================ EPIC publications and other books on privacy, open government, free expression, crypto and governance can be ordered at: EPIC Bookstore http://www.epic.org/bookstore "EPIC Bookshelf" at Powell's Books http://www.powells.com/bookshelf/epicorg.html ================================ EPIC also publishes EPIC FOIA Notes, which provides brief summaries of interesting documents obtained from government agencies under the Freedom of Information Act. Subscribe to EPIC FOIA Notes at: https://mailman.epic.org/cgi-bin/control/foia_notes ======================================================================== [8] Upcoming Conferences and Events ======================================================================== Internet Identity Workshop. Mountain View, CA. December 3-5, 2007. For more information http://www.windley.com/events/iiw2007b/register.shtml Yale Law School Conference: Reputation Economies in Cyberspace. New Haven, CT. December 8, 2007. For more information https://wems.worldtek.com/RepEcon Seattle Technology Law Conference. December 13-14, 2007. Seattle, WA. For more information: http://www.lawseminars.com/seminars/07COMWA.php US Department of Homeland Security Privacy Office Public Workshop: CCTV - Developing Privacy Best Practices. Arlington, VA. December 17-18, 2007. For more information, email privacyworkshop@dhs.gov ACI’s 7th National Symposium on Privacy & Security of Consumer and Employee Information. January 23-24, 2008. Philadelphia, PA. For more information: http://www.americanconference.com/privacy Computer Professionals for Social Responsibility: Technology in Wartime Conference. January 26, 2008. Stanford University. For more information: http://cpsr.org/news/compiler/2007/Compiler200707#twc Future of the Internet Economy - OECD Ministerial Meeting. June 14-18, 2008. Seoul, Korea. For more information: http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667 _1_1_1_37441,00.html ====================================================================== Subscription Information ====================================================================== Subscribe/unsubscribe via web interface: https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news Back issues are available at: http://www.epic.org/alert The EPIC Alert displays best in a fixed-width font, such as Courier. ======================================================================== Privacy Policy ======================================================================== The EPIC Alert mailing list is used only to mail the EPIC Alert and to send notices about EPIC activities. We do not sell, rent or share our mailing list. We also intend to challenge any subpoena or other legal process seeking access to our mailing list. We do not enhance (link to other databases) our mailing list or require your actual name. In the event you wish to subscribe or unsubscribe your e-mail address from this list, please follow the above instructions under "subscription information." ======================================================================== About EPIC ======================================================================== The Electronic Privacy Information Center is a public interest research center in Washington, DC. It was established in 1994 to focus public attention on emerging privacy issues such as the Clipper Chip, the Digital Telephony proposal, national ID cards, medical record privacy, and the collection and sale of personal information. EPIC publishes the EPIC Alert, pursues Freedom of Information Act litigation, and conducts policy research. For more information, see http://www.epic.org or write EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202 483 1140 (tel), +1 202 483 1248 (fax). ======================================================================== Donate to EPIC ======================================================================== If you'd like to support the work of the Electronic Privacy Information Center, contributions are welcome and fully tax-deductible. Checks should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. Or you can contribute online at: http://www.epic.org/donate Your contributions will help support Freedom of Information Act and First Amendment litigation, strong and effective advocacy for the right of privacy and efforts to oppose government regulation of encryption and expanding wiretapping powers. Thank you for your support. ------------------------- END EPIC Alert 14.22 ------------------------- .