EPIC logo

  

========================================================================
                              E P I C  A l e r t
========================================================================
Volume 15.05                                            March 7, 2008
------------------------------------------------------------------------

                               Published by the
                  Electronic Privacy Information Center (EPIC)
                               Washington, D.C.

                http://www.epic.org/alert/EPIC_Alert_15.05.html


========================================================================
Table of Contents
========================================================================
[1] Right to Information Initiatives Move Forward
[2] Data Broker Merger Threatens Privacy
[3] German Court Limits Cyber-Spying
[4] Medical Records To Go Online, Privacy Risks for Patients
[5] EC Opens Public Consultation on RFID Recommendations
[6] News in Brief
[7] EPIC Bookstore: "Searching Eyes"
[8] Upcoming Conferences and Events
     - Subscription Information
     - Privacy Policy
     - About EPIC
     - Donate to EPIC
       http://www.epic.org/donate

========================================================================
[1] Right to Information Initiatives Move Forward
========================================================================

In advance of National Sunshine Week in the United States, important
efforts are underway around the world to promote access to information
and greater government transparency.

The Carter Center in Atlanta hosted an International Conference on the
Right to Public Information with former President Jimmy Carter, South
African Supreme Court Justice Albie Sachs, Justice Diego Garcia-Sayan of
the Inter-American Court of Rights, and other top government officials,
academics, and advocates working to promote open government. The
conference is preparing a declaration to advise governments on how best
to promote openness and transparency around the world.

At the OECD in Paris, delegates met recently to consider a new
Recommendation for Enhanced Access and More Effective Use of Public
Sector Information. The OECD Framework on Access to Information is
expected to be presented at the OECD Ministerial Conference that will
take place in Seoul, June 17-18, 2008.

From March 16-22, 2008, U.S. National Sunshine Week will bring together
open government advocates to discuss transparency issues.    The 2008
National FOI Day Conference, hosted in Washington, D.C. by the First
Amendment Center, will brief attendees on recent changes to U.S. open
records law and feature comments from experts on a variety of open
government topics.  On March 18, 2008, Associated Press President and
CEO Tom Curley will speak on freedom of information issues at The
National Press Club.  The speech will update Mr. Curley's 2004
Hays-Enterprise Lecture, which many view as a catalyst for ongoing
attempts to preserve and strengthen U.S. transparency laws.

Carter Center, International Conference on the Right to Public
Information:

     http://epic.org/redirect/carter_website.html

Carter Center, "Access to Information: A Key to Democracy"

     http://epic.org/redirect/carter_report_en.html 

Certer Center, "Acceso a la Información: La Llave para la Democracia"

     http://epic.org/redirect/carter_report_esp.html

OECD Minsiterial Conference 2008

     http://www.oecdministerialseoul2008.org/en/

Sunshine Week 2008 Events: 
     
     http://www.sunshineweek.org/sunshineweek/events08

2008 National FOI Day Conference: 

    http://www.firstamendmentcenter.org/about.aspx?item=2008_FOI_Agenda

AP President and CEO Tom Curley to Speak on FOI: 

     http://www.sunshineweek.org/sunshineweek/curleyatnpc08

The Public Voice

     http://www.thepublicvoice.org


========================================================================
[2] Data Broker Merger Threatens Privacy
========================================================================

Reed-Elsevier, the corporate parent of Lexis-Nexis, announced that it
plans to acquire Choicepoint, the databroker, for approximately $4
billion.  The proposed merger would consolidate two of the America's
largest aggregators of personal consumer information.  Consumer privacy
will be seriously affected if the merger is approved without privacy
safeguards.  The previous Google-Doubleclick merger, which involved two
large databases of personal information, similarly raised privacy as
well as antitrust issues.   EPIC asked the Federal Trade Commission to
require privacy safeguards as a condition of approving the
Google-Doubleclick deal.

Choicepoint is a large player in the commercial databroker market,
selling data products that are used by law enforcement, government
agencies, and the private sector.  The company has been the target of an
EPIC privacy complaint as a result of the privacy harms caused by its
business practices.  EPIC has been especially critical of Choicepoint's
collection and provision of data without Fair Credit Reporting Act
protections.

In 2005, Choicepoint disclosed the personal financial records of more
than 163,000 consumers to identity thieves.  More than 800 cases of
identity theft arose from the data breach.  Choicepoint was fined $15
million by the Federal Trade Commission as a result of the disclosures.
In addition, Choicepoint paid $500,000 to settle lawsuits brought by the
Attorneys General of forty-four states, and paid another $10 million to
settle a class action lawsuit brought by victims of the breach.

Lexis-Nexis also has history of wrongfully disclosing consumers'
sensitive personal information.  In 2005, the company disclosed personal
information about 310,000 Americans to identity thieves.  Lexis-Nexis
disclosed information including consumers' names, addresses, social
security numbers, and drivers' license details.  In the immediate wake
of Lexis-Nexis' data breach, New York Senator Charles E. Schumer told
The Washington Post, "it is clear that things are totally out of hand."

EPIC's page on Choicepoint: 

     http://epic.org/privacy/choicepoint/

FTC web page detailing $15 million fine levied against Choicepoint: 

     http://www.ftc.gov/opa/2006/01/choicepoint.shtm

EPIC's December 16, 2004 FTC Complaint regarding Choicepoint: 
     
     http://epic.org/privacy/choicepoint/fcraltr12.16.04.html

EPIC's page on the proposed Google/Doubleclick Deal: 

     http://epic.org/privacy/ftc/google/

========================================================================
[3] German Court Limits Cyber-Spying
========================================================================

A German Constitutional Court ruling recognized a new "fundamental right
to the protection of confidentiality and the integrity of information
technology systems." The court was deciding a case involving the use of
spyware by authorities as part of computer searches. A state law in
North Rhine-Westphalia permitted police officials to monitor suspect's
computers by sending a Trojan horse or other spyware to the computer.
This would permit complete access to the suspect's hard drive as well as
ongoing monitoring of emails and other communications. The ruling halts
an effort to create a federal law permitting such monitoring.

The court struck down the law, complementing earlier decisions on the
right to informational self-determination and the right to absolute
protection for the core area of private conduct of life.  The court
recognized that the use of information systems is of central importance
to the personal development of many individuals. The monitoring of such
systems allows far reaching conclusions about the personal development
of individuals.

The Court permitted exceptions. Under extreme conditions, and with
permission of a judge, the police may monitor information technology
systems.  If there are factual indications of concrete danger to life,
the foundations of the state or the freedom of people, then limited
monitoring may occur. Steps must be taken to protect core data.
Improperly collected data must be deleted and cannot be re-used. These
maintain the requirement of proportionality.

Spyware has been used in the United States to capture information from
suspect's computers. The FBI used spyware to capture suspected mobster
Nicodemo Scarfo's encryption passphrase. A court permitted surreptitious
entry into his office in order to allow the installation and maintenance
of the keylogger software. Applications for warrants before the secret
Foreign Intelligence Surveillance Act court also sometimes involved the
use of spyware.

Court Press Release (German):

     http://www.bverfg.de/pressemitteilungen/bvg08-022.html

Germany: New basic right to privacy of computer systems:

     http://epic.org/redirect/edri_germany.html 

EPIC Wiretap Page:

     http://epic.org/privacy/wiretap/

EPIC Keylogger (US v. Scarfo) Page:

     http://epic.org/crypto/scarfo.html

========================================================================
[4] Medical Records To Go Online, Privacy Risks for Patients
========================================================================
The Cleveland Clinic, a health care service provider, announced its
partnership with Google to provide an electronic personal health records
service to patients. The initial effort seeks the participation of
10,000 patients in a project that would provide Google with personal
health on Cleveland Clinic patients. There are more than 100,000
patients that are served by the Cleveland Clinic, which currently uses
an electronic personal health record under its eCleveland Clinic MyChart
service.

Cleveland Clinic patients who participate in the online data-sharing
project can disclose among other personal information prescriptions,
allergies, and laboratory results. Google reports that it will not share
or sell the information, but does not explicitly reject use of the data
for internal commercial purposes. Google's interest in the project is to
build a platform that would allow access to many sources of medical
information.

In 2000, the Health Insurance Portability and Accountability Act (HIPAA)
became the first federal law that provided privacy protection for
personal health information.  However, the Department of Health and
Human Services' final rule implementing the law includes a large number
of exemptions.  HIPAA does not protect personal health information
voluntarily shared by patients with a non-health care provider. HIPAA
does allow states with strong medical privacy laws to continue to
protect residents.

Google is emerging as a major online ad service provider with a growing
base of businesses purchasing services to market effectively to online
consumers. The Federal Trade Commission, which exercises jurisdiction in
matters of consumer and competition protection declined to consider
privacy in its decision to allow the merger of Google and Double Click,
a major online advertiser service provider.

Electronic health records federal legislation has been introduced in the
US Senate and House.


EPIC Medical Records Privacy Page: 

     http://epic.org/privacy/medical/
 
House Resolution 1368 Personalized Health Information Act of 2007:

     http://thomas.loc.gov/cgi-bin/bdquery/z?d110:h.r.01368:
 
Senate Resolution 1814 Health Information Privacy and Security Act:

     http://thomas.loc.gov/cgi-bin/bdquery/z?d110:s.01814:

========================================================================
[5] EC Opens Public Consultation on RFID Recommendations
========================================================================

The European Commission has published draft guidelines on the use radio
frequency identification (RFID) technology in member countries. The
Commission launched the public debate on RFID in 2006 and has held
workshops, an online consultation, and a conference to gather
information to create these draft guidelines. The Commission seeks to
"provides guidance to Member States and stakeholders on the design and
operation of RFID applications in a lawful, ethically admissible and
socially and politically acceptable way, respecting the right to privacy
and ensuring protection of personal data and appropriate information
security."

The Commission makes a number of privacy recommendations including: RFID
operators should conduct privacy impact assessments before deploying the
technology "to determine what implications its implementation could
raise for privacy and the protection of personal data, and whether the
application could be used to monitor an individual," "Member States
should ensure that RFID application operators and providers of
components of such applications take appropriate technical and
organizational measures to mitigate the ensuing privacy and data
protection risks," and that there should be immediate deactivation of
RFID tags when goods are purchased. The Commission also said,
"deactivation or removal of tags should not entail any reduction or
termination of the legal obligations of the retailer or manufacturer
towards the consumer. Consumers should be able to verify that the action
is effective."

The use of RFID technology is increasing daily. The tags have been added
to clothing, passports, credit cards, and a number of other consumer
products. At least one company sells RFID chips that can be implanted
into individuals, and these implants have been used by companies for
security purposes. In the United States, Wisconsin and North Dakota have
banned forced RFID implantation, but there is continuing debate about
the definition of "voluntary" implantation.

Last year, the National Institute of Standards and Technology (NIST)
issued its "Guidelines for Securing Radio Frequency Identification
(RFID) Systems," detailing how to address, in the context of an RFID
system, the basic principles of the Organization for Economic
Co-operation and Development's Guidelines on the Protection of Privacy
and Transborder Flows of Personal Data. NIST urged retailers, federal
agencies, and other organizations to evaluate the potential security and
privacy risks of RFID technology and use best practices to reduce them.
"As people possess more tagged items and networked RFID readers become
ever more prevalent, organizations may have the ability to combine and
correlate data across applications to infer personal identity and
location and build personal profiles in ways that increase the privacy
risk," NIST said.

EPIC has detailed the privacy and security problems that can accompany
use of RFID technology in testimony and analyses. Privacy and security
risks associated with RFID-enabled identification cards include
"skimming," or reading of RFID data from an unauthorized reader, and
"eavesdropping," interception of data as it is being read by an
authorized reader. In 2004, EPIC released "Guidelines on Commercial Use
of RFID Technology," which address commercial, private applications that
may use RFID tags to draw conclusions about consumers without their
knowledge or consent, or that might generate data that could be used for
entirely different purposes at a later date.

In the Guidelines, EPIC imposes minimum requirements on RFID users,
recognizing the advantages that RFID technology can provide while at the
same time addressing privacy problems. EPIC also details practices that
RFID users should never engage, including tracking, snooping, and
coercing consumers to accept live RFID tags or associate their personal
data with an RFID application. EPIC also states the rights of consumers
who are exposed to RFID technology, including: access to the data
collected, removal of the tags and data, and ability to challenge RFID
users and data collectors' processes.

The public is encouraged to submit comments on the European Commission
recommendations. The deadline is April 25. A final version of the
recommendations is expected in Summer 2008.

European Commission, Public consultation on draft recommendation on the
implementation of privacy, data protection and information security
principles in applications supported by Radio Frequency Identification:

     http://ec.europa.eu/information_society/policy/rfid/index_en.htm

National Institute of Standards and Technology, "Guidelines for Securing
Radio Frequency Identification (RFID) Systems" (April 2007) (pdf):

     http://epic.org/redirect/nist_report.html 

EPIC's Guidelines on Commercial Use of RFID Technology (pdf):

     http://epic.org/privacy/rfid/rfid_gdlnes-070904.pdf

EPIC's page on Radio Frequency Identification (RFID) Technology:

     http://epic.org/privacy/rfid/

========================================================================
[6] News in Brief
========================================================================

Study Shows Consumers Support Limits on Law Enforcement Access to Cell
Phone Location Information

A study, published this week by the Samuelson Law, Technology & Public
Policy Clinic at the University of California-Berkeley School of Law,
reveals that consumers strongly favor requirements that law enforcement
obtain a warrant and provide notice to an individual before obtaining
access to historical location information.  More than 70% of
Californians polled favored stronger privacy protections than those
currently set forth in federal law, 18 U.S.C. § 2703(d), which permits
disclosure when information is "relevant and material to an ongoing
criminal investigation."  Law enforcement agencies are increasingly able
to locate individuals by accessing wireless phone records, as well as
records generated by other wireless devices and services.  The study
also indicated broad support for location tracking in emergency
situations.

Research Report: A Supermajority of Californians Supports Limits on Law
Enforcement Access to Cell Phone Location Information:

     http://www.law.berkeley.edu/clinics/samuelson/gbo_location2007.pdf

EPIC's page on Customer Proprietary Network Information:

     http://epic.org/privacy/cpni/



New Cyber Initiative to Monitor All Traffic Crossing Government Networks

On February 28, the House Committee on Homeland Security held a hearing
on the new Cyber Initiative being implemented by the Department of
Homeland Security.  The new initiative proposes measures to increase
network security of government run networks including all .gov websites
and local, state, and federal e-gov operations.

The measures include reducing the number of external Internet
connections that the government network has currently and also to
install the traffic monitoring and intrusion detection system known as
EINSTEIN on all of those connections.  EINSTEIN is an enterprise level
system that is similar to what Internet service providers use now to
monitor the activities over their networks.  The EINSTEIN system
produces analyses on all network traffic and records personally
identifiable information for later use.

House Committee on Homeland Security Hearing Page:

     http://homeland.house.gov/Hearings/index.asp?ID=118

Privacy Impact Assessment Produced by US-CERT (pdf):

     www.dhs.gov/xlibrary/assets/privacy/privacy_pia_eisntein.pdf

EPIC's page on Internet Privacy:

     http://epic.org/privacy/internet/



EAC Extends Comment Period for Voting Standards

The Election Assistance Commission has extended the public comment
period on the agency's Technical Guidelines Development Committee draft
of voluntary voting system guidelines until May 5, 2008.  The deadline
for public comment is to allow those with interest in standards
development for electronic voting systems to have time to participate in
the public comment process.

The Help America Vote Act (HAVA) of 2002 was the first time the federal
government has completely taken on the task of developing voting system
standards.  This will be the second Voluntary Voting Systems document
prepared by the Election Assistance Commission since the new law was
passed. The first voluntary voting system document was released in
December 2005.

EAC Public Comment Page for Voluntary Voting System Guidelines:

     http://www.eac.gov/vvsg

EPIC Voting Project Page:

     http://votingintegrity.org

Version of the VVSG Adopted in December 2005 (pdf):

     http://www.votingintegrity.org/pdf/vvsg_%20vol_I-1.pdf



UK rejects mandatory DNA database

The UK Home Office has rejected a proposal for a universal DNA register,
consisting of the DNA of every UK resident, citing practical and ethical
concerns. A senior police officer proposed the mandatory DNA database,
after DNA evidence identified a suspect in the murder of a woman in
2005. The DNA was collected from the suspect after he had been arrested
for an unrelated assault.

The UK already has the largest DNA database in the world, containing 4.5
million profiles. DNA is routinely collected from individuals who are
arrested, whether or not they are charged with a crime.

EPIC's page on Genetic Privacy:

     http://epic.org/privacy/genetic/

UK Home Office - The National DNA Database:

     http://epic.org/redirect/uk_dna.html 



Researchers Create Easy Process to Access Encrypted Computer Data

In a technology paper released February 21, researchers at Princeton's
Center for Information Technology Policy revealed a cheap and easy
process for accessing encrypted data stored on computer hard disks. When
the computer is turned off, then standard memory chips that temporarily
hold data, including encryption keys, are supposed to be erased.
However, the researchers learned that the data is retained for up to
several minutes after the power is cut off. By using cold air from a
standard can of dust remover, the researchers were able to cool the
chips, which then "hold their state for hours at least, without any
power." When the chips are put into other computers, their contents can
be accessed using special programs and the encryption keys read.

Princeton, Center for Information Technology Policy, "Lest We Remember:
Cold Boot Attacks on Encryption Keys":

     http://citp.princeton.edu/memory/

EPIC and Privacy International, "Privacy and Human Rights Report 2006,"
chapter on "Surveillance of Communications":

     http://epic.org/redirect/pi_website.html 



Canadian Privacy Commissioner Issues Report on Camera Surveillance

On March 3, Ontario Information and Privacy Commissioner Ann Cavoukian
issued a report on the Toronto Transit System's recent expansion of its
video surveillance system. Privacy International had filed a complaint
with the office regarding plans to deploy 12,000 cameras across
Toronto's transportation network of buses, streetcars, and subways at a
cost of $18 million. Privacy International argued that the collection
principles in the relevant legislation are not being sufficiently
attended to in that the collection is not necessary, that the scheme is
being deployed without consideration to privacy and associated
protocols, and with insufficient consideration regarding access powers.
After a four-month investigation, the Commissioner ruled that the
system, "is in compliance with Ontario's Municipal Freedom of
Information and Protection of Privacy Act - but she is calling on the
TTC to undertake a number of specific steps to enhance privacy
protection." The Commissioner recommends that TTC reduce its retention
period "from a maximum of seven days to a maximum of 72 hours (the same
standard as the Toronto Police), unless required for an investigation";
that the "video surveillance policy should specifically state that the
annual audit must be thorough, comprehensive, and must test all program
areas of the TTC employing video surveillance to ensure compliance with
the policy and the written procedures" and be conducted by an
independent third party; and other privacy recommendations.

"TTC's surveillance cameras comply with privacy Act, but additional
steps needed to enhance privacy protection," says Privacy Commissioner
Ann Cavoukian.

Office of the Ontario Information and Privacy Commissioner:

     http://www.ipc.on.ca/index.asp?navid=55&fid1=737

Privacy International complaint (Oct. 24) (pdf):

     http://www.epic.org/redirect/PIComplaint.html

EPIC page on Video Surveillance:
 
     http://epic.org/privacy/surveillance/



FBI Director reports bureau privacy breaches

FBI Director Robert Mueller reported further FBI privacy breaches to the
Senate Judiciary Committee on March 5, 2008. In 2006, the FBI improperly
used national security letters to obtain personal data on American
citizens, in relation to terrorism and spy investigations. National
security letters allow the FBI to collect personal data without court
approval. The FBI can gather the data using national security letters
from various sources, including banks, credit bureaus, telephone
companies, and Internet service providers.

The committee held the hearing to examine the effectiveness of the FBI
in carrying out its responsibilities. In a statement, Senator Patrick
Leahy, Chairman of the Committee, said "It is vitally important for the
FBI to master emerging and enhanced technologies in the fight against
crime and terrorism. But we must also be cognizant of the impact that
such a database can have on the privacy rights and civil liberties of
Americans. It is more important than ever that the FBI acts in ways that
protect and enhance the rights and values that define us as Americans,
not undermine them."

Senate Judiciary Committee Hearing:

     http://judiciary.senate.gov/hearing.cfm?id=3165

EPIC's page on Domestic Surveillance:

     http://epic.org/features/surveillance.htm

========================================================================
[7] EPIC Bookstore: "Searching Eyes"
========================================================================

Searching Eyes: Privacy, the State, and Disease Surveillance in America
by Amy L. Fairchild, Ronald Bayer and James Colgrove

     http://www.powells.com/partner/24075/biblio/9780520253254

The boundaries between privacy and public health welfare are being
constantly renegotiated and remain heavily contested in the realm of
governmental disease surveillance, due to competing social, ethical and
legal interests. Authors Amy Fairchild, Ronald Bayer and James Colgrove
highlight the shifting tensions between the competing interests of
privacy and public health in their book “Searching Eyes: Privacy, The
State, and Disease Surveillance in America”. The book chronicles over a
century of disease surveillance with meticulous documentation of disease
reporting and examines the underlying politics of surveillance and
privacy.

The definition of disease surveillance has evolved with time, as has the
justification for such surveillance. Disease surveillance began as the
required name-based reporting of disease to state and local health
departments, often resulting in government program-planning or
interventions to control the disease. The justification for state
intrusion and intervention often stems from the fear and panic that is
induced by disease and palpable threats to public health welfare, with
disease surveillance promising to protect society from epidemics.

The book begins in the late 19th century, with an account of public
health officials seeking reporting on patients with tuberculosis and
venereal diseases. Later, the emergence of  “democratic privacy” altered
the landscape of the privacy debate, as the people with illnesses
themselves demanded registration in databanks for cancer, occupational
disease or birth defects, to highlight their cases in order to create
support for social and legislative reform.

The identity of medical privacy advocates has also evolved over the last
century. In the advent, it was doctors who were the staunch opponents of
required name reporting of their patients citing doctor-patient
confidentiality. Today, patients themselves and concerned citizens are
all involved in defending the privacy rights of individuals who are
targeted by disease surveillance.

The authors assess public health surveillance in a broad political and
social context. In their conclusion, they candidly concede to not
resolving the prevailing controversy surrounding health surveillance,
nor did they seek to resolve it. Rather their motivation was to continue
the discussion in negotiating these shifting boundaries between privacy
and public health, as part of much needed healthy discourse in the realm
where the role and reach of government is only expanding.


================================


EPIC Publications:

"Information Privacy Law: Cases and Materials, Second Edition" Daniel J.
Solove, Marc Rotenberg, and Paul Schwartz. (Aspen 2005). Price: $98.
http://www.epic.org/redirect/aspen_ipl_casebook.html

This clear, comprehensive introduction to the field of information
privacy law allows instructors to enliven their teaching of fundamental
concepts by addressing both enduring and emerging controversies. The
Second Edition addresses numerous rapidly developing areas of privacy
law, including: identity theft, government data mining and electronic
surveillance law, the Foreign Intelligence Surveillance Act,
intelligence sharing, RFID tags, GPS, spyware, web bugs, and more.
Information Privacy Law, Second Edition, builds a cohesive foundation
for an exciting course in this rapidly evolving area of law.

================================

"Privacy & Human Rights 2006: An International Survey of Privacy Laws
and Developments" (EPIC 2007). Price: $75.
http://www.epic.org/phr06/

This annual report by EPIC and Privacy International provides an
overview of key privacy topics and reviews the state of privacy in over
75 countries around the world. The report outlines legal protections,
new challenges, and important issues and events relating to privacy.
Privacy & Human Rights 2006 is the most comprehensive report on privacy
and data protection ever published.

================================

"FOIA 2006: Litigation Under the Federal Open Government Laws," Harry
A. Hammitt, Marc Rotenberg, Melissa Ngo, and Mark S. Zaid, editors
(EPIC 2007). Price: $50. http://www.epic.org/bookstore/foia2006

This is the standard reference work covering all aspects of the Freedom
of Information Act, the Privacy Act, the Government in the Sunshine Act,
and the Federal Advisory Committee Act.  The 23nd edition fully updates
the manual that lawyers, journalists and researchers have relied on for
more than 25 years.  For those who litigate open government cases (or
need to learn how to litigate them), this is an essential reference
manual.

================================

"The Public Voice WSIS Sourcebook: Perspectives on the World Summit on
the Information Society" (EPIC 2004). Price: $40.
http://www.epic.org/bookstore/pvsourcebook

This resource promotes a dialogue on the issues, the outcomes, and the
process of the World Summit on the Information Society (WSIS).  This
reference guide provides the official UN documents, regional and
issue-oriented perspectives, and recommendations and proposals for
future action, as well as a useful list of resources and contacts for
individuals and organizations that wish to become more involved in the
WSIS process.

================================

"The Privacy Law Sourcebook 2004: United States Law, International Law,
and Recent Developments," Marc Rotenberg, editor (EPIC 2005). Price:
$40.
http://www.epic.org/bookstore/pls2004/

The Privacy Law Sourcebook, which has been called the "Physician's Desk
Reference" of the privacy world, is the leading resource for students,
attorneys, researchers, and journalists interested in pursuing privacy
law in the United States and around the world. It includes the full
texts of major privacy laws and directives such as the Fair Credit
Reporting Act, the Privacy Act, and the OECD Privacy Guidelines, as well
as an up-to-date section on recent developments. New materials include
the APEC Privacy Framework, the Video Voyeurism Prevention Act, and the
CAN-SPAM Act.

================================

"Filters and Freedom 2.0: Free Speech Perspectives on Internet Content
Controls" (EPIC 2001). Price: $20.
http://www.epic.org/bookstore/filters2.0

A collection of essays, studies, and critiques of Internet content
filtering.  These papers are instrumental in explaining why filtering
threatens free expression.

================================

EPIC publications and other books on privacy, open government, free
expression, crypto and governance can be ordered at:

EPIC Bookstore http://www.epic.org/bookstore

"EPIC Bookshelf" at Powell's Books
http://www.powells.com/bookshelf/epicorg.html

================================

EPIC also publishes EPIC FOIA Notes, which provides brief summaries of
interesting documents obtained from government agencies under the
Freedom of Information Act.

Subscribe to EPIC FOIA Notes at:
https://mailman.epic.org/cgi-bin/control/foia_notes


========================================================================
[8] Upcoming Conferences and Events
========================================================================

ALI-ABA, Privacy Law: Developments, Planning, and Litigation. March
13-14, 2008. Washington, D.C. For more information: 
http://www.ali-aba.org/CN090

First Annual Freedom of Information Day Celebration. March 17, 2008.
American University Washington College of Law, DC. For more information:
http://www.wcl.american.edu/secle/founders/2008/031708.cfm

Openthegovernment.org, "Government Secrecy: Censoring Your Right to
Know." March 19, 2008. National Press Club, DC. For more information:
http://www.openthegovernment.org/article/subarchive/109

Windows Into the Soul: Surveillance and Society in an Age of High
Technology - 2008 Hixon-Riggs Forum on Science, Technology and Society.
March 27-29, 2008. Claremont, California. For more information:
http://www.hmc.edu/newsandevents/hixon08.html

CFP 2008: Technology Policy 08. New Haven, Connecticut. May 19-23,
2008. For more information: http://www.cfp2008.org

Future of the Internet Economy - OECD Ministerial Meeting. June 17-18,
2008. Seoul, Korea. For more information:
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667
_1_1_1_37441,00.html

Conference on Ethics, Technology and Identity. The Hague. June 18-20,
2008. For more information http://www.ethicsandtechnology.eu/ETI

======================================================================
Subscription Information
======================================================================

Subscribe/unsubscribe via web interface:

https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_news

Back issues are available at:

http://www.epic.org/alert

The EPIC Alert displays best in a fixed-width font, such as Courier.

========================================================================
Privacy Policy
========================================================================

The EPIC Alert mailing list is used only to mail the EPIC Alert and to
send notices about EPIC activities.  We do not sell, rent or share our
mailing list.  We also intend to challenge any subpoena or other legal
process seeking access to our mailing list.  We do not enhance (link to
other databases) our mailing list or require your actual name.

In the event you wish to subscribe or unsubscribe your e-mail address
from this list, please follow the above instructions under "subscription
information."

========================================================================
About EPIC
========================================================================

The Electronic Privacy Information Center is a public interest research
center in Washington, DC.  It was established in 1994 to focus public
attention on emerging privacy issues such as the Clipper Chip, the
Digital Telephony proposal, national ID cards, medical record privacy,
and the collection and sale of personal information. EPIC publishes the
EPIC Alert, pursues Freedom of Information Act litigation, and conducts
policy research.  For more information, see http://www.epic.org or write
EPIC, 1718 Connecticut Ave., NW, Suite 200, Washington, DC 20009. +1 202
483 1140 (tel), +1 202 483 1248 (fax).

========================================================================
Donate to EPIC
========================================================================

If you'd like to support the work of the Electronic Privacy Information
Center, contributions are welcome and fully tax-deductible.  Checks
should be made out to "EPIC" and sent to 1718 Connecticut Ave., NW,
Suite 200, Washington, DC 20009.  Or you can contribute online at:
http://www.epic.org/donate

Your contributions will help support Freedom of Information Act and
First Amendment litigation, strong and effective advocacy for the right
of privacy and efforts to oppose government regulation of encryption and
expanding wiretapping powers.

Thank you for your support.

------------------------- END EPIC Alert 15.04 -------------------------

.